Trust & Security

Your customer data is safe with us

We built SharpRoot for PMs who work with sensitive customer research data. Here's exactly how we protect it — in plain language.

TLS 1.3 in transit
AES-256 at rest
AI never trains on your data
Workspace-level isolation
Audit logs on all actions
SOC 2 Type I (planned)

Encryption

Data in transit

TLS 1.3 on all connections. No exceptions.

Data at rest

AES-256 encryption on all stored data, including uploaded files and database records.

File storage

All uploaded files stored on Cloudflare R2 with server-side encryption. Access via pre-signed URLs with short expiry.

AI Data Handling

Anthropic API

We use Anthropic's Claude API for AI features. Anthropic does not train on API data. Your research content is never used to train AI models.

Prompt injection mitigation

User-uploaded content is always framed as data input, never as instructions. AI outputs are validated before being stored or shown.

No third-party training

We never share your research data with any third party for training purposes.

Data Isolation

Workspace isolation

Every database query is scoped to your workspace. You can never access another user's data, by design.

Database

PostgreSQL hosted on Neon with row-level isolation on every table. No shared tables between workspaces.

Audit logging

All data access and modification actions are logged for compliance and incident investigation.

Authentication

Password hashing

Passwords are hashed with bcrypt (cost factor 12). We never store plaintext passwords.

OAuth 2.0

Support for OAuth login via Google and GitHub. Session tokens are short-lived and rotated on each request.

Magic links

Passwordless email login via time-limited, single-use magic links (10-minute expiry).

File Upload Security

Pre-signed upload URLs: Files are uploaded directly to Cloudflare R2 via pre-signed URLs — they never pass through our application server.
Magic byte checking: All uploaded files are validated at the binary level to confirm they match their declared MIME type.
Virus scanning: Files are scanned for malware before processing. Malicious files are rejected and not stored.
Size limits: Maximum 50 MB per file. Aggregate storage per workspace is unlimited on the standard plan.
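An added illustration of the magic byte check and size limit described above; this is example code written for this page, not SharpRoot's implementation. The signature allow-list, the `sniff_mime`/`validate_upload` names and the rejection reasons are assumptions, and the check is assumed to run as a post-upload step over the object's leading bytes.

```python
# Leading-byte signatures for the file types this example accepts.
# Constructed allow-list for illustration; a real service would tune it.
SIGNATURES = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/gif": [b"GIF87a", b"GIF89a"],
    "application/pdf": [b"%PDF-"],
    "application/zip": [b"PK\x03\x04"],
}

MAX_FILE_BYTES = 50 * 1024 * 1024  # the 50 MB per-file limit stated above


def sniff_mime(data):
    """Return the MIME type implied by the leading bytes, or None if unknown.

    Only the start of the object is needed, so the caller can pass the first
    few KB of a stored file rather than the whole upload.
    """
    for mime, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def validate_upload(data, declared_mime):
    """Decide whether an upload may be kept.

    Accepts only when the declared type is on the allow-list, the bytes really
    carry that type's signature, and the size limit holds. The declared type
    (from the client's Content-Type or file extension) is never trusted on its
    own. Returns (ok, reason) so the reason can be logged with the rejection.
    """
    if len(data) == 0:
        return False, "empty file"
    if len(data) > MAX_FILE_BYTES:
        return False, "exceeds 50 MB limit"
    if declared_mime not in SIGNATURES:
        return False, f"type not allowed: {declared_mime}"
    actual = sniff_mime(data)
    if actual != declared_mime:
        # Mismatch: e.g. a PDF or executable renamed to .png
        return False, f"declared {declared_mime} but bytes look like {actual or 'unknown'}"
    return True, "ok"
```

A mismatch such as a PDF uploaded under `image/png` is rejected before the file reaches any parser or AI pipeline, which is the point of checking the bytes rather than the label.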

Compliance Roadmap

We are currently planning for SOC 2 Type I certification. If you have specific compliance requirements, contact us and we'll work with you directly.

SOC 2 Type I (planned)
GDPR compliant data handling
Data deletion on request

Have a security concern or question?

Email us at security@sharproot.com. We respond within 24 hours.
