Trust

Second Eye is built for credit professionals who handle regulated, confidential portfolio data. This page explains how we protect it.

Security overview

Each customer workspace is isolated at the database level. Data is encrypted at rest with AWS KMS and in transit over TLS. Application services run in isolated AWS containers with no co-located customer databases.

Compliance

SOC 2 evidence collection and control mapping are in progress. Security reviews receive the current control matrix, subprocessors, data-flow notes, and hosting details rather than a generic questionnaire response.

Data handling

Document ingestion applies redaction before sensitive material reaches specialist analysis. Search indexes and source materials stay under customer retention controls. Export and deletion paths are handled through authenticated admin tools.

Sub-processors

Amazon Web Services - compute, storage, database, secrets, email delivery, and monitoring infrastructure.

Anthropic - LLM inference through the governed inference path with cost controls, redaction, and audit metadata.

Voyage AI - embeddings for retrieval and citation, governed under the same tenant-data handling controls.

Vulnerability disclosure

Report vulnerabilities to security@secondeye.net. We respond within 48 hours and coordinate disclosure windows by severity.