Enterprise Security

Trust Center

Security, Privacy & Compliance at Tork

Last updated: January 17, 2026

Security Overview

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • End-to-end encryption for sensitive data

Infrastructure

  • SOC 2 certified infrastructure providers (Vercel, Supabase)
  • Automatic failover and redundancy
  • DDoS protection and WAF

Access Controls

  • Role-based access control (RBAC)
  • API key authentication with scopes
  • Audit logging of all access

Monitoring

  • 24/7 security monitoring
  • Real-time threat detection
  • Automated vulnerability scanning

Compliance Status

GDPR

Ready

Data Processing Agreement available

Request DPA

CCPA

Compliant

California Consumer Privacy Act

Privacy Policy

HIPAA

Ready

Business Associate Agreement available

Request BAA
🔄

SOC 2 Type II

In Progress

Target completion subject to change

📋

ISO 27001

Planned

Certification planned for Q4 2026

Compliance Roadmap

Q4 2025COMPLETED

Security Foundation

  • Infrastructure hardening
  • Encryption implementation
  • Access controls
Q1 2026COMPLETED

Compliance Documentation

  • DPA published
  • BAA published
  • Privacy policy updates
Q2 2026 (target)IN PROGRESS

SOC 2 Type II

  • Audit preparation
  • Control testing
  • Report generation
Q4 2026PLANNED

ISO 27001

  • ISMS implementation
  • Certification audit
  • Continuous improvement

Data Residency

Primary Data Location

All customer account data, audit logs, and persistent storage is located in AWS us-east-1 (Virginia, USA).

Our database provider (Supabase) maintains SOC 2 Type II certification with encryption at rest and in transit.

API Processing

Content sent to our APIs for evaluation is processed in real-time memory only and is NOT persisted after the API call completes.

Edge functions may process requests at the nearest Vercel edge location for optimal latency.

Regional Deployment: We are actively working on regional deployment options for customers with specific data residency requirements (EU, APAC). Contact us to discuss your needs.

View Full Data Residency Details

Sub-processors

Sub-processorLocationPurposeData Processed
Vercel Inc.
Global CDN with regional data centers
United StatesApplication hosting and edge deliveryRequest metadata, application logs
Supabase Inc.
AWS us-east-1 (Virginia)
United StatesDatabase hosting and authenticationAccount data, audit logs, API keys
Resend Inc.
AWS us-east-1 (Virginia)
United StatesTransactional email deliveryEmail addresses, notification content
Upstash Inc.
AWS us-east-1 (Virginia)
United StatesRate limiting and caching (Redis)API key hashes, request counters

For a complete list of sub-processors and notification of changes, contact privacy@tork.network to request our Data Processing Agreement.

Legal Documents

Terms of Service

Service agreement and usage terms

Privacy Policy

How we handle your data

Data Processing Agreement

GDPR-compliant DPA

Request Document

Business Associate Agreement

HIPAA-compliant BAA

Request Document

Standard Contractual Clauses

EU data transfer safeguards — available on request

🇪🇺 GDPR

Incident Response

We maintain a documented incident response plan to ensure rapid detection, containment, and resolution of security incidents.

72h
GDPR Notification
Data breach reporting
60d
HIPAA Notification
PHI breach reporting
24/7
Response Team
On-call availability

Security FAQ

Trusted by Teams Worldwide

See how organizations use Tork to build safer, more compliant AI systems.

Read customer testimonials →

Security Inquiries

For security questions, vulnerability reports, or to request security documentation, contact our security team.

security@tork.network

For general inquiries, email us at hello@tork.network