Security & Trust Center
The compliance layer marketplaces rely on — built to be auditable from day one. This page documents our data handling practices, encryption posture, sub-processors, DPA template, and compliance roadmap.
Data Handling
Filtrate is designed to minimise data exposure at every step. Image bytes arrive, get processed in-memory, and the processed result goes to storage. The original never does.
Image Lifecycle
.webp({ quality }) — no .withMetadata() call, so all EXIF, IPTC, XMP, and GPS tags are stripped before any downstream step.verdict_cache. No image bytes are stored alongside it.Retention Summary
Encryption
All data is encrypted in transit and any persisted data is encrypted at rest.
Sub-Processors
We use a small, stable set of third-party processors. All are SOC 2 certified or equivalent. If a new processor is added, we will update this page and notify enterprise customers with at least 30 days notice.
| Processor | Purpose | Data Shared | Region | DPA / Security Docs |
|---|---|---|---|---|
| Render | Application hosting — runs the Express API server | All inbound API traffic; no data stored by Render beyond logs | us-east-1 (AWS) | render.com/dpa |
| Neon | PostgreSQL database — stores usage logs, API keys (hashed), invoices, and verdict cache | API key hashes, usage metadata, billing records. No image bytes. | us-east-1 (AWS) | neon.tech/privacy |
| Cloudflare R2 | Object storage — stores processed (EXIF-stripped) WebP output images | Processed WebP bytes only. Original input never reaches R2. | Global (Cloudflare network) | cloudflare.com/trust-hub |
| OpenAI | AI content moderation — GPT-4o-mini vision evaluates the processed WebP for compliance flags | Processed WebP bytes (post-EXIF-strip). No original input, no PII from your users. Images are not used to train OpenAI models per API usage policy. | US (OpenAI API) | openai.com/policies |
| Stripe | Payment processing — Stripe-hosted Checkout for invoice payment; Billing Portal for self-serve management | Customer billing contact (email), payment method. No image data. | US (Stripe servers) | stripe.com/privacy |
| Postmark | Transactional email — invoices, API key notifications, billing receipts | Recipient email address, email body content (invoice data). No image data. | US (Postmark servers) | postmarkapp.com/privacy-policy |
Compliance Posture
Filtrate operates as a data processor under GDPR Art. 28 — we process images on behalf of marketplace operators (the controllers). Our standard DPA is available for download below.
Data Processing Agreement (DPA)
Enterprise and GDPR-regulated customers often require a signed DPA before going live. We provide a standard template you can use as-is or propose amendments to.
The DPA template is an HTML file — open in your browser and use Print → Save as PDF to produce a PDF. If you require amendments or a Word document version, email security@filtrate.polsia.app.
Security Practices
How we protect the API, your keys, and your data in transit and at rest.
Vulnerability Disclosure
We follow a coordinated disclosure model with a 90-day window. If you find a security issue, we want to hear from you.
Responsible Disclosure Policy
Report security vulnerabilities to security@filtrate.polsia.app. Please include: a description of the issue, steps to reproduce, your assessment of severity (CVSS score if possible), and whether you'd like to be credited publicly.
Our commitments:
• We will acknowledge your report within 2 business days.
• We will provide a status update within 7 days confirming whether the issue is valid and our intended timeline.
• We operate a 90-day coordinated disclosure window — we ask that you do not publicly disclose the issue during this period while we work on a fix.
• We will credit researchers by name in our release notes (or maintain anonymity at your request).
• There is no bug bounty programme at this time; we appreciate the community's help and will acknowledge all valid reports.
We ask that you do not exploit or exfiltrate data, perform denial-of-service attacks, or access accounts that are not your own while researching potential issues.
Status & Uptime
Real-time API availability and historical uptime.
Security questionnaire, DPA, or pen-test report?
Email us directly at security@filtrate.polsia.app, or use this form — we respond within 1 business day.
Evaluating providers? See our public latency, accuracy, and cost benchmarks →