Skip to content
M·01
Security

Built for institutional-grade security.

When it comes to your data security, don't compromise.

Sub-processors
M·02
M·02 · Controls

How Misano works today.

01

EU data residency

Production database in Supabase Frankfurt. Customer data does not leave the EU.

02

No training on your data

LLM calls go to Anthropic (Claude) and OpenAI. Neither vendor uses your API data to train its models.

03

Encryption at rest and in transit

AES-256 at rest in Supabase. TLS 1.3 in transit. Standard managed-database posture.

04

Per-tenant isolation

Row-level security at the Postgres layer. One customer cannot read another customer's data.

05

Google OAuth only

No password storage. SSO and 2FA are on the roadmap, not yet live.

06

GDPR-native

Right to access, right to erasure, DPA signable in app. Czech ÚOOÚ is the supervisory authority.

M·03
M·03 · Sub-processors

Every vendor with access.

These are the only third parties that touch data. The list is updated whenever it changes. Third parties receive data in isolation and with the minimum context necessary.

VendorRoleLocationSafeguards
SupabaseDatabase, auth, file storageEU · FrankfurtEU residency
AnthropicLLM inference (Claude)EU + USNo training
OpenAILLM inferenceUSNo training
ExaNeural web search (Scout)USQuery-scoped
StripePayments and invoicingEU · IrelandPCI DSS
ResendTransactional emailUSEmail-scoped

Full sub-processor list at /legal/sub-processors.

M·04
Evaluate

Hold us to the same bar you hold your portfolio to.

The security of customer data and our choice of third-party tools is a strategic, long-term decision we don't take lightly.

Get startedContact