Skip to main content

Security

How we protect your data. Plain English.

Payments

All payments are processed by Stripe. We never see, store, or have access to your card number. Stripe is PCI DSS Level 1 certified.

Data in transit

HTTPS everywhere. TLS 1.2+ on all connections. No exceptions.

Infrastructure

We run on Netlify (frontend) and secure cloud infrastructure for report generation. Your reports are generated on-demand and delivered via encrypted channels.

What we don't do

  • We don't sell your data
  • We don't store payment card information
  • We don't use your inputs to train AI models
  • We don't share your business information with competitors

AI providers

To generate reports, we send data to third-party AI APIs (OpenAI, Anthropic, Google, etc.). We use API access, not consumer chat products. See our subprocessor list for the full list of providers.

Questions?

Email hi@surmado.com with security questions. For formal security inquiries, contact legal@surmado.com.