Trust and security

How Second Eye protects confidential borrower materials, lender models, and portfolio reporting.

Security overview

Customer workspaces are separated, encrypted in AWS, and served over TLS. Production access is limited to approved people and connected systems.

Compliance

SOC 2 control mapping is in progress. Security reviewers receive the current control matrix, sub-processor list, data-flow notes, and hosting details.

Data handling

Document processing uses redaction and retention controls. Exports and deletion requests are controlled by approved workspace owners.

Sub-processors

Amazon Web Services - compute, storage, database, secure settings, email delivery, and monitoring infrastructure.

Anthropic - document analysis support with redaction, cost controls, and review history.

Voyage AI - document search support under the same customer-data handling controls.

Vulnerability disclosure

Report vulnerabilities to security@secondeye.net. We respond within 48 hours and coordinate disclosure windows by severity.