Trust Center

Conflation Labs builds tools that support planning, zoning, permitting, design review, and code compliance workflows for both municipal agencies and AEC (architecture, engineering, and construction) firms. We take the protection of the documents, plans, and project data you entrust to us seriously. This page summarizes our approach to security. It is written in plain language and is intentionally high-level; specifics are available on request for customers evaluating the platform.

1. Data Protection

Customer data is encrypted in transit and at rest using industry-standard cryptography. Access to production systems is limited to authorized personnel on a least-privilege basis and is reviewed periodically. Internal systems require strong authentication, and administrative actions are logged.

2. Infrastructure

The platform runs on reputable cloud infrastructure providers in the United States. We rely on managed services that maintain independently audited security controls, and we configure our environment to follow current best practices for network segmentation, secrets management, and patching.

3. Application Security

We follow secure software development practices, including code review, dependency scanning, and testing before release. We monitor for vulnerabilities in our code and our dependencies and address issues on a risk-prioritized basis.

4. Access & Authentication

Customer-facing authentication uses modern password and session practices. Enterprise options, including SSO and role-based access controls, are available for customers that require them. Employee access to customer environments requires multi-factor authentication and is audit-logged.

5. Data Segregation

Customer data is logically separated so that one customer's documents and configuration cannot be accessed by another customer. Access controls are enforced at the application and storage layers.

6. Backups & Business Continuity

We maintain regular backups of customer data and test our recovery procedures. Our goal is to restore service and customer data promptly in the event of an incident, with retention periods designed to balance recoverability and data minimization.

7. Use of AI Models & Third-Party Services

Our platform uses large language models and other AI services from reputable providers to analyze and summarize documents. The following principles apply:

• Not used to train public models. We contract with our AI providers so that customer content processed through the platform is not used to train their public foundation models.
• Contractual protections. All subprocessors that handle customer data are bound by written agreements that cover confidentiality, security, and permitted use.
• Internal model improvement. We may use aggregated or de-identified information about how the platform is used to improve our own features and retrieval quality. We do not share customer documents with other customers.
• Opt-out. Customers may request that their content be excluded from any internal improvement workflows by contacting us.

8. Monitoring & Incident Response

We monitor our systems for security-relevant events and maintain an incident response process. If we identify a security incident that affects customer data, we will notify affected customers in accordance with applicable law and our contractual commitments.

9. Responsible Disclosure

If you believe you have identified a security vulnerability in our platform, please report it to al@conflationlabs.com. We appreciate responsible disclosure and will work in good faith with researchers to investigate and remediate reported issues.

10. Customer Diligence

Prospective customers conducting security reviews can request additional documentation, including information about our controls, subprocessors, and data handling practices. Contact al@conflationlabs.com to begin a review.