Security
How we handle your data.
Short, honest, current. We will expand this page as our compliance program matures. If you need anything that is not covered here, email security@parallaxmodel.com.
Encryption at rest
Data at rest is encrypted with AES-256 via our managed database provider, Neon. Backups inherit the same encryption.
Encryption in transit
All traffic to parallaxmodel.com uses TLS 1.3 with HSTS. We do not serve any content over plain HTTP.
Authentication
Sign-in is managed by Clerk. Email and password, social SSO, SAML SSO, and MFA are all supported. SSO is available on every plan, including the trial.
Data residency
Parallax is hosted in the United States. We do not currently offer an EU-only region. If EU data residency is a hard requirement, email security@parallaxmodel.com and we will tell you honestly where that stands before you sign.
SOC 2 status
SOC 2 Type II is on our roadmap. We are pre-audit: no auditor is engaged yet and no controls framework has been formalized. The controls we actually run today sit in the other cards on this page, including per-tenant row-level security, encryption at rest and in transit, audit logs on membership and billing changes, and no use of customer data for foundation-model training. A custom DPA is available on request.
Data deletion and export
Contact support@parallaxmodel.com to request a full org export or permanent deletion. Deletion requests are honored within 30 days and all backups are purged within the standard retention window.
Model training
We never sell your data. We never train foundation models on your data. Coaching prompts are generated by Anthropic models with data retention turned off at the API level.
Subprocessor list
We notify existing customers by email at least 30 days before adding a new subprocessor.
| Subprocessor | Purpose | Region |
|---|---|---|
| Neon | Managed Postgres database | United States |
| Clerk | Authentication and user management | United States |
| Anthropic | LLM inference for coaching prompts | United States |
| Vercel | Web application hosting and edge delivery | Global |
| Stripe | Billing and payment processing | United States |
| Resend | Transactional email delivery | United States |
| Sentry | Error and performance monitoring | United States |
| PostHog | Product analytics (event capture and identify). Session replay and autocapture are disabled. | United States |
What ships next
This page grows into a full trust center once the SOC 2 Type II audit begins. For now it reflects the controls actually running in production today. Last updated 2026-04-14.