TRUST & SAFETY
We know you are uploading confidential engineering drawings. Here is exactly how we protect them and why your intellectual property is safe with us.
Your drawings are never stored. When you upload a PDF, it is rendered to an image in your browser, sent to our server over HTTPS, analyzed, and immediately discarded. It is never written to a database, file system, or any persistent storage. There is no drawing file to breach.
All communication between your browser and our servers uses TLS 1.3. The redprint.app domain enforces HTTPS — unencrypted connections are rejected. Your drawing image is encrypted end-to-end from your browser to our AI provider.
Our infrastructure runs on Vercel (SOC 2 Type II certified) and Supabase (SOC 2 Type II certified). These are enterprise-grade platforms with their own extensive security programs, physical security, and compliance certifications.
Passwords are hashed using bcrypt — we never store plaintext passwords. Sessions use cryptographically signed JWTs. Row Level Security is enforced at the database level — a user can never access another user's review data, even in the event of an application bug. API routes require authentication, and unauthenticated requests are rejected before any processing occurs.
Your drawing image is processed by Anthropic's Claude API. Data sent via the API is not used to train Anthropic's models by default, per their API terms. Anthropic is a leading AI safety company with enterprise security practices. We only send the minimum necessary data — the drawing image and a review prompt. No account information, names, or other personal data is sent to Anthropic.
Payments are processed by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification. We never see, handle, or store your credit card number. Stripe's secure checkout handles all card processing.
Production database credentials are never stored in source code. Environment variables are stored encrypted in our hosting platform. Source code is maintained in a private repository. We follow the principle of least privilege — services only have access to what they need.
If you discover a security vulnerability in Redprint, please email us at hello@redprint.app. We take all reports seriously and will respond within 48 hours. We ask that you give us reasonable time to address issues before public disclosure.
Questions about security? Email us at hello@redprint.app. We are happy to provide more detail for enterprise procurement or compliance reviews.