Last updated: April 23, 2026
PDF Formula takes the security of your data seriously. We handle sensitive sales conversations, prospect intelligence, and compliance-regulated workflows. This page documents our security posture for customers, enterprise buyers, and security researchers.
In transit: All traffic to and from pdfformula.io is encrypted with TLS 1.3 at the Vercel edge layer.
At rest: All data stored in Supabase is encrypted at the disk layer. Field-level AES-256-GCM encryption infrastructure is in place for future sensitive fields.
Authentication: Supabase Auth with row-level security (RLS) enforced on every table. Users can only see their own data.
Hosting: Vercel Pro (SOC 2 Type II certified). Hosted in us-east-1 with global edge cache.
Database: Supabase Pro (SOC 2 Type II certified), Postgres 15, daily automated backups with 7-day retention.
AI Providers: Anthropic (SOC 2 Type II), OpenAI (SOC 2 Type II). All AI queries are processed via API; providers do not train on your data.
Comprehensive logging of all administrative actions. Enforced role-based access to all internal resources (super_admin, elite, precision, starter).
Two-factor authentication enabled on all administrative accounts (GitHub, Vercel, Supabase).
Rate limiting is enforced on all AI and developer API routes via Upstash Redis with a sliding-window algorithm.
Errors, performance, and security events are monitored 24/7 via Sentry.
Uptime monitored globally via BetterStack with multi-region pings and email alerts.
Documented incident response procedures covering outages, database issues, key compromise, and more.
Dependency audit (npm audit) runs on every CI build via GitHub Actions.
Critical vulnerabilities are addressed within 7 days. High-severity vulnerabilities in direct dependencies are addressed within 30 days.
A public vulnerability register lives in our repository at SECURITY.md.
PDF Formula has 17 provisional patents pending at the USPTO with 104 claims filed. Our proprietary 7-Phase Precision Decision Framework and Quantum AI Architecture technology are fully original intellectual property of PDF Formula LLC.
SOC 2 Type I: Planned Month 4 (accelerated by our built-in compliance monitoring system, covered by patent #9).
SOC 2 Type II: Planned Month 10.
For current compliance status or accelerated timeline requests (HIPAA, GDPR, state-level requirements), contact enterprise@pdfformula.io.
If you believe you've discovered a security vulnerability, please email security@pdfformula.io.
Response SLA: Critical: response within 24 hours, fix within 7 days. High: response within 72 hours, fix within 30 days. Medium: response within 1 week, fix in the next sprint.
For the full responsible disclosure policy, see SECURITY.md in our repository.
For security questionnaires, procurement reviews, or accelerated compliance timeline requests, contact:
enterprise@pdfformula.io
PDF Formula LLC · Bluffdale, Utah