How we protect your data, your payments, and the visitors who chat with your AI.
Encryption
All data is encrypted in transit with TLS 1.3 and at rest within our hosting providers' managed databases. Nothing sensitive ever travels as plaintext.
Authentication
We use Supabase Auth with secure JWT tokens, signed cookies, and per-row database policies. Passwords are never stored by us — Supabase handles bcrypt hashing. Magic-link sign-in is supported.
Data hosting
Application runs on Vercel's global edge network. Data is stored in Supabase on AWS, with daily automated backups. We operate in the United States for primary storage.
Payments
Card details are processed entirely by Stripe. We never see, store, or transmit full card numbers — we only keep a Stripe customer ID and subscription status.
Privacy & compliance
Pounce complies with GDPR and CCPA. Users can request data export or deletion at any time. Full details in our Privacy Policy.
Monitoring & uptime
We target 99.9% uptime. Errors are captured by Sentry, application performance by PostHog, and infrastructure by Vercel's observability tooling.
AI data handling
Conversations processed by Claude (Anthropic) are not used to train models. Anthropic's enterprise terms apply: data is stored transiently for processing only and deleted after return.
Incident response
If we detect a security incident, we notify affected customers within 72 hours as required by GDPR. Contact security@pounce.chat for urgent matters.