Enterprise-Grade Security

Security & Trust

We practice what we preach. Our own company data is on this platform, subject to the same security standards we provide to you.

We Use Our Own Platform
DrewIs Intelligence LLC (Entity D-001) is the first entity on this platform

We don't just build this platform - we use it ourselves. Our company profile, publications, and credentials are all stored and displayed using the same system you'll use. This means:

  • We trust our own security infrastructure with our business data
  • We're the first to experience any issues (and fix them immediately)
  • You can see exactly how YOUR entity will look by viewing ours

Security Infrastructure

Encryption

Data at Rest

All database records encrypted using AES-256 encryption

Data in Transit

TLS 1.3 encryption for all connections (HTTPS only)

Session Security

HTTP-only, secure, SameSite cookies with automatic expiration

Database Security

Infrastructure

TiDB (MySQL-compatible) with enterprise-grade security

Backups

Automatic daily backups with 30-day retention

Access Control

Role-based permissions (Admin, User, Public)

Infrastructure

Hosting

Manus platform with SOC 2 Type II compliance

File Storage

S3-compatible object storage with access controls

Uptime

99.9% uptime SLA with automatic failover

Monitoring & Auditing

Activity Logs

All entity changes tracked with timestamps and user IDs

Admin Actions

Complete audit trail of all administrative activities

Security Monitoring

24/7 automated monitoring for suspicious activity

Transparency & Control

What We Collect
  • • Account information (email, name)
  • • Entity data you submit
  • • Usage analytics (page views)
  • • Payment information (via Stripe)
How We Use It
  • • Display your entity publicly
  • • Provide API access for AI models
  • • Send transactional emails
  • • Improve platform features

We NEVER sell your data

Your Control
  • • Edit entity data anytime
  • • Export your data in JSON-LD
  • • Delete your entity
  • • Close your account

Full GDPR & CCPA compliance

Compliance & Standards

SOC 2 Type II

Infrastructure

GDPR

EU Compliance

CCPA

California Privacy

PCI DSS

Payment Security

How We Handle Your Data
Complete transparency about data lifecycle

1. Submission

You submit entity data through our secure form. Files are uploaded to encrypted storage. Data is marked as "pending review."

2. Review

Our admin team reviews your submission for accuracy and compliance. We verify business credentials and domain ownership. This is a human process - no automated rejections.

3. Approval

Once approved, your entity goes live with a unique ID (e.g., D-001). It's immediately available through our website and public API.

4. Public Display

Your entity is displayed publicly with JSON-LD schema markup. AI models can access it through our frictionless API. You maintain full control to edit or delete.

5. Deletion

If you delete your entity, it's removed from public display immediately. Data is permanently deleted after 30 days. No traces remain in our system.

Your Security Responsibilities

While we provide enterprise-grade security, you also play a role in keeping your account secure:

  • Use strong passwords - At least 12 characters with mixed case, numbers, and symbols
  • Enable two-factor authentication - Available for all accounts
  • Don't share credentials - Each team member should have their own account
  • Report suspicious activity - Contact us immediately if you notice anything unusual
  • Keep email secure - Your email is the recovery method for your account

Security Incident Response

In the unlikely event of a security incident:

Immediate Response

We'll contain the incident within 1 hour of detection and begin investigation immediately.

User Notification

Affected users will be notified within 24 hours via email with details about what happened and what data was affected.

Remediation

We'll implement fixes and security improvements to prevent recurrence, and provide regular updates until resolution.

Post-Incident Report

A detailed public report will be published explaining what happened, impact, and steps taken to prevent future incidents.

Questions About Security?
We're here to help

If you have security concerns or want to report a vulnerability:

Security Contact

Email: [email protected]

Business: [email protected]

We take all security reports seriously and respond within 24 hours.