Privacy & Security

How Thoughtful protects your data and maintains enterprise-grade security.

Our Commitment

Thoughtful is built for teams that handle sensitive information. We take security seriously and implement industry-standard practices to protect your data.

SOC 2 Compliance

We are currently undergoing a SOC 2 Type I audit, with Type II to follow shortly after. These certifications validate that our systems and processes meet rigorous standards for:

  • Security — Protection against unauthorized access
  • Availability — System uptime and reliability
  • Confidentiality — Safeguarding sensitive information
  • Processing Integrity — Accurate and complete data processing
  • Privacy — Proper handling of personal information

We expect to complete our SOC 2 certification soon. Contact us at security@thoughtful.app for the latest status or to request our security documentation.

Data Protection

Encryption

  • In transit — All data is encrypted using TLS
  • At rest — Data is encrypted using AES-256

Access Controls

  • Role-based access control (RBAC) for team workspaces
  • Enterprise SSO via WorkOS (SAML, Google, Microsoft, and more)
  • Session management with secure token handling

Audit Logging

All changes to pages and workspace content are tracked through our event sourcing architecture. Every action is recorded with the user, timestamp, and full payload — providing a complete audit trail for compliance and debugging.

Infrastructure

  • Hosted on enterprise-grade cloud infrastructure
  • Automated vulnerability scanning

AI & Data Usage

Your Data, Your Control

  • Your conversations and pages are not used to train AI models
  • Data is processed only to provide the service you request
  • You can export or delete your data at any time

Third-Party AI Providers

When you use AI features, prompts are sent to the AI provider you've selected (OpenAI, Anthropic, etc.). Each provider has its own data handling policies.

We recommend reviewing these policies, especially for sensitive workloads.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@thoughtful.app. We appreciate responsible disclosure and will work with you to address any issues promptly.

Questions?

For security questionnaires, compliance documentation, or other security-related inquiries, contact security@thoughtful.app.