Trust & Security
Socianote handles sensitive participant data for social service agencies. We take that responsibility seriously. This page is how we tell you exactly what we do and don't do with your data, and how to get answers to anything we haven't covered.
Honest about what we are — and aren't
Socianote is built to GDPR and PDPA principles. We are not currently SOC 2 or ISO 27001 certified. EU data residency is available on request for enterprise customers. Our infrastructure runs on bank-grade providers (Supabase, AWS Singapore, Vercel) with encryption at rest and in transit.
About staff access: like every hosted SaaS, authorised Socianote personnel may access customer data for service operation, support, security investigation, and legal compliance. There is no casual or routine access — every access is logged and tied to a specific operational reason. Personnel are bound by written confidentiality agreements.
If you need a specific certification, column-level encryption, bring-your-own-key (BYOK), or a custom DPA, contact security@socianote.com.
DPA, privacy policy, terms, security checklist, and honest certification status — all in one page.