Security & trust

Enterprise-grade by default. Built to clear procurement.

Heatseeker runs on enterprise data and live brand-facing experiments. Both are protected the way your security, legal and brand teams expect — audited, encrypted, and never used to train anyone else's model.

Request security docs →
SOC 2
Type II audited
AES-256
Encryption at rest
GDPR
Aligned processing
US & AU
Data residency
How we protect you

Four commitments, end to end.

Audited & certified
SOC 2 Type II

Independently audited security controls covering availability, confidentiality and processing integrity — report available under NDA.

Encrypted everywhere
AES-256 at rest, TLS in transit

Every byte is encrypted in storage and over the wire. Access is scoped, least-privilege, and fully logged.

Your data stays yours
Never trains third-party models

Your first-party data is used only to serve you. It is never pooled, sold, or used to train shared or external models.

Brand-safe testing
Stealth mode

Run live experiments under lookalike brands so bold ideas are validated with real buyers before they ever touch your brand.

Your data lifecycle

In your control at every step.

Your first-party data powers the Customer Context Layer — and stays yours. We process it to serve you, never to enrich a shared model or another customer.

01
Ingest

Connected over encrypted channels with scoped, least-privilege access you control and can revoke.

02
Isolate

Your context layer is logically isolated to your organization. AES-256 at rest, TLS in transit.

03
Use

Used only to generate your predictions and experiments — never to train third-party or shared models.

04
Retain & delete

Retention is set by your policy. Request export or deletion at any time and we honor it.

Brand-safe by design

Test in the open market without exposing the brand.

Stealth mode runs live experiments under lookalike brands, so you can validate bold ideas with real buyers before a single thing touches your brand. Nothing ships under your name until you've seen the evidence.

Live ads running under a lookalike brand
SOC 2 Type II
Independently audited controls.
SSO & access control
SAML SSO and role-based access.
Audit logging
Activity trails for review and export.
DPA on request
Standard data processing agreement.

Send it to your security team.

We'll share our SOC 2 report, DPA and architecture overview under NDA.

Request security docs →