Security & Trust
Our Approach
ChangeMap is designed to protect customer information through a combination of technical, administrative, and operational safeguards appropriate for an early-stage SaaS platform.
Infrastructure
ChangeMap is hosted using Vercel and Supabase. Supporting providers include Cloudflare, Stripe, Postmark, OpenAI, Anthropic, Featurebase, and Google Analytics.
Encryption
Data transmitted between users and the Service is protected using TLS encryption. Data at rest is protected through security controls provided by underlying infrastructure providers.
Access Controls
Access to production systems is restricted to authorized personnel. Authentication and authorization controls are enforced through platform services and application-level permissions.
AI Processing
ChangeMap uses OpenAI and Anthropic to provide AI-powered functionality. Information is transmitted only as necessary to provide requested features and services.
Backups and Recovery
ChangeMap currently relies on Supabase-managed backup capabilities. Deleted customer data may remain recoverable for up to seven (7) days before permanent deletion, subject to backup retention, legal obligations, and disaster recovery requirements.
Monitoring and Logging
Operational logging and monitoring are used to support reliability, troubleshooting, fraud prevention, and security investigations.
Incident Response
ChangeMap will investigate confirmed security incidents and notify affected customers without undue delay and in accordance with applicable law.
Compliance Posture
ChangeMap is designed with GDPR, applicable U.S. state privacy laws, and industry security practices in mind. ChangeMap does not currently claim SOC 2, ISO 27001, or other third-party certification.
Security Contact
Security concerns may be reported to security@usechangemap.com.