Trust centre

Attaché is built for foreign-ministry work. This page summarises how we handle data, which sub-processors we use, and where your content is processed.

Live policy documents, security questionnaires, and certification evidence are hosted on our external compliance portal (Comp AI). That portal opens in your browser and is not part of the installed Attaché application.

Data protection

No training on your data. Every call to Anthropic and Perplexity is made under contractual no-training terms, and we also set the providers' no-training flags on each request. Your drafts, dossier material, and uploaded sources are not used to train foundation models.

EU data residency. Production workloads run in EU regions: Vercel (Frankfurt) and Supabase Postgres (EU). We do not route tenant content through US regions for EU deployments.

Encryption. TLS 1.3 for data in transit. Supabase Postgres and Storage use AES-256 encryption at rest. Backups are encrypted with separate keys.

GDPR / UK GDPR. We maintain a record of processing activities and provide a data processing addendum (DPA) on request for institutional customers. Lawful basis for processing is contract performance and legitimate interest in securing the service.

No routine human access. Attaché staff do not read your prompts or draft outputs in the ordinary course of operations. Production debugging redacts content. Break-glass access requires a documented incident and is logged.

Security controls

  • Tenant isolation — every table carries tenant_id. Supabase Row Level Security enforces isolation at the database layer; application bugs cannot return another tenant's rows.
  • Authentication — Clerk handles sign-in, organisations, and session management. Multi-factor authentication is available per your organisation policy.
  • Input validation — every API route validates input with Zod and checks tenant auth before processing.
  • Secrets management — provider keys and database credentials live in environment variables only; never in client-side code or the repository.
  • Responsible disclosure — report vulnerabilities to security@attacheai.com. We acknowledge reports within five business days.

Sub-processors

Attaché relies on the following sub-processors for core product operation. The authoritative dated list is maintained on the compliance portal.

  • Anthropic — drafting and inline edits (Claude). No retention for training.
  • Perplexity — live research and monitors (Sonar). Research queries only; not full classified drafts.
  • Supabase — Postgres, pgvector, object storage. EU region. Encryption at rest.
  • Clerk — authentication and organisation management.
  • Vercel — application hosting and serverless execution. EU deployment.
  • Stripe — subscription billing (Team tier).
  • Inngest — background jobs (monitors, schedules).

Classification handling

Each dossier and draft carries a classification label (unclassified through secret). Restricted material disables live web research by default. Confidential and secret classifications block external provider calls in the drafting pipeline; attempts are recorded in your audit log. Curated corpus and dossier retrieval remain available where policy allows.

Exports include visible classification banners in .docx and PDF. Higher classifications require explicit opt-in per dossier.

Audit & retention

Draft generation, source retrieval, exports, clearance actions, and agent runs are written to an append-only audit log visible under Settings → Organisation. Logs are exportable as CSV for your records.
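The classification rules above (restricted disables live research by default; confidential and secret block external provider calls, with attempts recorded) and the append-only, CSV-exportable audit log can be expressed as one small policy gate. The following is an added example written for this page, not Attaché's own code; the operation names, the per-dossier liveResearchOptIn flag, the audit-entry field names and the sample dossiers are all constructed for illustration.

```typescript
// Added example, not Attaché's code: a policy gate for the drafting pipeline
// that applies this page's classification rules and records every decision
// in an append-only audit log. Operation names, the liveResearchOptIn flag
// and the audit-entry fields are assumptions made for this example.

type Classification = "unclassified" | "restricted" | "confidential" | "secret";
type Operation = "external_draft" | "live_research" | "corpus_retrieval";
type Decision = "allowed" | "blocked";

interface Dossier {
  tenantId: string;
  id: string;
  classification: Classification;
  liveResearchOptIn: boolean; // assumed per-dossier flag; false unless opted in
}

interface AuditEntry {
  at: string;
  tenantId: string;
  dossierId: string;
  operation: Operation;
  classification: Classification;
  decision: Decision;
  reason: string;
}

// Ordering lets "confidential and above" be written as a single comparison.
const RANK: Record<Classification, number> = { unclassified: 0, restricted: 1, confidential: 2, secret: 3 };

// Calls that leave the tenant boundary: drafting (Anthropic) and live research (Perplexity).
const EXTERNAL_OPERATIONS: ReadonlySet<Operation> = new Set<Operation>(["external_draft", "live_research"]);

function decide(dossier: Dossier, op: Operation): { decision: Decision; reason: string } {
  if (!EXTERNAL_OPERATIONS.has(op)) {
    // Curated corpus and dossier retrieval stay inside the platform.
    return { decision: "allowed", reason: "internal retrieval permitted at every classification" };
  }
  if (RANK[dossier.classification] >= RANK.confidential) {
    return { decision: "blocked", reason: `external provider calls blocked for ${dossier.classification}` };
  }
  if (op === "live_research" && dossier.classification === "restricted" && !dossier.liveResearchOptIn) {
    return { decision: "blocked", reason: "live research disabled by default for restricted material" };
  }
  return { decision: "allowed", reason: "no classification rule applies" };
}

class PolicyGate {
  // Append-only: the class exposes no way to edit or delete entries.
  private readonly log: AuditEntry[] = [];

  constructor(private readonly now: () => Date = () => new Date()) {}

  // Returns true when the operation may proceed. Every attempt is logged, blocked ones included.
  check(dossier: Dossier, op: Operation): boolean {
    const { decision, reason } = decide(dossier, op);
    this.log.push({
      at: this.now().toISOString(),
      tenantId: dossier.tenantId,
      dossierId: dossier.id,
      operation: op,
      classification: dossier.classification,
      decision,
      reason,
    });
    return decision === "allowed";
  }

  entries(): readonly AuditEntry[] {
    return this.log.slice(); // a copy, so callers cannot mutate the log
  }

  // CSV export in the shape a tenant might download for its own records.
  toCsv(): string {
    const quote = (v: string): string => `"${v.replace(/"/g, '""')}"`;
    const header = "at,tenant_id,dossier_id,operation,classification,decision,reason";
    const rows = this.log.map((e) =>
      [e.at, e.tenantId, e.dossierId, e.operation, e.classification, e.decision, e.reason].map(quote).join(","),
    );
    return [header, ...rows].join("\n");
  }
}

// Constructed sample run with a fixed clock so the output is deterministic.
function demo(): { allowed: string[]; blocked: string[]; csv: string } {
  const gate = new PolicyGate(() => new Date("2025-01-01T00:00:00Z"));
  const mk = (id: string, classification: Classification, optIn = false): Dossier =>
    ({ tenantId: "tenant-demo", id, classification, liveResearchOptIn: optIn });
  const cases: Array<[Dossier, Operation]> = [
    [mk("d1", "unclassified"), "external_draft"],
    [mk("d2", "restricted"), "live_research"],        // blocked: no opt-in
    [mk("d3", "restricted", true), "live_research"],  // allowed: explicit opt-in
    [mk("d4", "confidential"), "external_draft"],     // blocked and logged
    [mk("d5", "secret"), "live_research"],            // blocked and logged
    [mk("d6", "secret"), "corpus_retrieval"],         // allowed: internal retrieval
  ];
  const allowed: string[] = [];
  const blocked: string[] = [];
  for (const [d, op] of cases) (gate.check(d, op) ? allowed : blocked).push(`${d.id}:${op}`);
  return { allowed, blocked, csv: gate.toCsv() };
}
```

The gate decides before any provider client is touched, so a blocked call never leaves the process, and the decision record is written on both branches; that is what makes "attempts are recorded" verifiable from the log rather than from provider-side telemetry.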

Account deletion removes primary tenant content within 24 hours and from backups within 30 days, per our terms of service. Soft-delete applies to dossiers and uploads until you permanently remove them.

Compliance portal

Full security documentation — privacy policy, DPA, sub-processor register, SOC 2 / ISO 27001 status, and security questionnaire responses — is published on our external trust portal, powered by Comp AI (comparable to Vanta or Drata).

The portal is a standard web site. It is intentionally not embedded in the Attaché PWA so policy updates and audit evidence stay current without an app release.


Certification roadmap: GDPR baseline (live) → SOC 2 Type I → SOC 2 Type II → ISO 27001 for institutional buyers. Status updates appear on the portal as audits complete.

Contact

Trust and privacy questions: trust@attacheai.com

Security reports: security@attacheai.com

Data processing agreements: legal@attacheai.com