At TraitTune, the strongest control is architectural: no one — not an employee, not an administrator, not an attacker who breaches our cloud — can read your content or bulk-decrypt our database. End-user content (assessment responses, chat, memory) is encrypted at rest with AES-256-GCM via AWS KMS, and the key policy denies the decrypt permission to every human principal; only the application service role can decrypt, one record at a time, for the logged-in owner. A database exfiltration yields ciphertext.
There is exactly one narrow door: lawful access. When we are legally compelled (e.g., a valid court order), a break-glass procedure decrypts only the specific records named — never the whole dataset — under dual approval with legal-counsel review, via a per-record, time-boxed, single-use key grant, with every step immutably logged. It was drill-tested in July 2026.
On top of that foundation we run row-level data isolation, least-privilege access, a secure development lifecycle, and continuous monitoring. We are transparent about status: our SOC 2 program is in progress (Type I targeted, then Type II) and our controls are aligned with ISO/IEC 27001 — we do not claim certifications we have not yet earned. GDPR and CCPA data-rights (export, deletion with irreversible anonymization, no sale of personal data) are live today. AI features run on enterprise foundation models inside our own AWS environment; user content is never sent to third-party AI vendors and never used to train third-party models. For a security questionnaire or anything not covered here, contact security@traittune.com.