Security

How we protect your decks, data-room documents, and investor data. Last updated June 2026.

Infrastructure

Raiz’d is hosted on SOC 2 Type II and ISO 27001-certified infrastructure (Supabase and Vercel). Payments are processed by Stripe, a PCI DSS Level 1-certified provider — Raiz’d never stores or handles your card details.

To be precise: these are our infrastructure providers’ certifications. Raiz’d itself is not yet independently SOC 2 certified, and we don’t claim to be. Our full posture — controls, subprocessors, data practices, and certification roadmap — lives on the Trust Center.

Data protection

• Encryption in transit (TLS) and at rest (via Supabase/Postgres).
• Per-account data isolation enforced by database row-level security (RLS).
• Integration credentials encrypted with AES-256-GCM.
• Link controls: email gating, expiry, revocation, and an optional dynamic viewer watermark.

Reporting a vulnerability

We welcome reports from security researchers. Email security@raizd.xyz with details and steps to reproduce. Please give us a reasonable window to remediate before public disclosure; we won’t pursue legal action for good-faith research that respects user privacy and avoids data destruction. See our machine-readable /.well-known/security.txt.

In scope: raizd.xyz and the Raiz’d web app. Out of scope: denial-of-service, social engineering, and findings in third-party services we don’t control.