Trust Center
Security, compliance, and privacy documentation for Simple Advisor Tools’s Rollover Analysis Tool.
SOC 2 Type 1 In Progress
At a Glance
- Data minimization: Client PII limited to name, employer, and account value. No SSNs, DOB, or account numbers.
- Encryption: AES-256 at rest (application layer), TLS 1.2+ in transit, bcrypt password hashing.
- Breach notification: We notify customers as soon as possible, and no later than 72 hours after becoming aware of a breach involving Customer Information.
- Business continuity: Documented BC/DR plan with target RTO 24h / RPO 24h, supported by Supabase’s automated daily backups (7-day rolling retention) and operator-run AES-256-GCM encrypted `pg_dump` backups before higher-risk operations.
- Compliance: Controls aligned with SOC 2 Trust Services Criteria. Certification currently underway.
Documentation
Security Overview
Encryption, access controls, audit logging, and infrastructure details.
Privacy Policy
How we collect, use, protect, and retain your data.
Terms of Service
Usage terms, professional responsibilities, and data ownership.
Subprocessors
Third-party providers that support the Service.
Data Processing Addendum
Contractual data protection terms for customers.