Your data is yours. Period.
OpportunityTree processes sensitive customer support and product data. We treat that responsibility seriously.
Data handling
No model training
Your data is never used to train AI models. We use Claude (Anthropic) and OpenAI embedding APIs with zero-retention agreements. Inputs and outputs are not stored by our AI providers.
Encryption everywhere
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database connections use SSL. API keys and credentials are stored in environment-level secrets, never in code.
PII redaction
Our pipeline automatically detects and redacts personally identifiable information from support tickets before any AI processing. Names, emails, phone numbers, and addresses are stripped at ingestion.
NDA by default
Every customer engagement is covered by a mutual non-disclosure agreement. We will sign your NDA or provide ours before any data is shared.
Infrastructure
- Database: Neon Serverless Postgres with automated backups, point-in-time recovery, and branch-level isolation.
- Hosting: Vercel with edge network, automatic HTTPS, and DDoS protection.
- AI providers: Anthropic (Claude) and OpenAI under enterprise data processing agreements with zero data retention.
- Access control: Role-based access with principle of least privilege. No shared credentials. All access is logged.
Your rights
- Data deletion: Request deletion of all your data at any time. We will confirm deletion within 30 days.
- Data export: Export your analysis results, evidence trees, and raw processed data in standard formats.
- Scope control: You choose which data sources to connect. We only access what you explicitly authorize.
- Transparency: Every finding in OpportunityTree traces back to source evidence. No black boxes.
Questions?
If you have security questions or need to report a vulnerability, reach out at security@opportunitytree.com.