Security at Tag Taxonomy
Protecting your data is fundamental to how we build and operate Tag Taxonomy. Our infrastructure is designed with security at every layer -- from authentication to storage to AI processing.
Infrastructure
Tag Taxonomy is hosted on Vercel, leveraging their global edge network for low-latency access worldwide. All traffic is encrypted with automatic HTTPS and TLS certificates.
- Hosted on Vercel with global edge network distribution
- Automatic HTTPS with managed TLS certificates
- Neon Postgres for database storage (SOC 2 Type II certified)
- Data encrypted at rest with AES-256 encryption
- Data encrypted in transit with TLS 1.3
- Automatic backups and point-in-time recovery
Authentication
Authentication is powered by Clerk, a SOC 2 Type II certified identity platform. Tag Taxonomy never sees or stores your password.
- Powered by Clerk (SOC 2 Type II certified)
- GDPR compliant identity management
- Multi-factor authentication (MFA) support
- OAuth providers (Google, GitHub, and more)
- SAML support available on Enterprise plans
- Session management with automatic token rotation
Data handling
We store only the data necessary to provide the service. Your data is isolated per user and can be deleted on request.
- Data stored: project names, taxonomy nodes, chat messages
- Passwords are never stored -- handled entirely by Clerk
- Strict data isolation between users at the database level
- Cascade deletes ensure complete data removal when requested
- No data sharing between accounts or projects
- All database queries are parameterized to prevent injection
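The three database controls in the list above (per-user isolation, cascade deletes and parameterized queries), shown together as an added example; this is not Tag Taxonomy's own code. SQLite stands in for Neon Postgres so the example runs offline, and the schema, table names and sample rows are constructed for illustration.

```python
"""Added example: per-user scoping, parameterized SQL and ON DELETE CASCADE.
SQLite is used in place of Postgres so this runs offline; tables and rows
are constructed, not taken from the Tag Taxonomy service."""
import sqlite3

# Constructed schema: every child table cascades from its owner so that
# deleting a user row removes projects, taxonomy nodes and chat messages.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE projects (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    name TEXT NOT NULL);
CREATE TABLE taxonomy_nodes (
    id INTEGER PRIMARY KEY,
    project_id INTEGER NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
    label TEXT NOT NULL);
CREATE TABLE chat_messages (
    id INTEGER PRIMARY KEY,
    project_id INTEGER NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
    body TEXT NOT NULL);
"""

TABLES = ("users", "projects", "taxonomy_nodes", "chat_messages")


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys (and therefore CASCADE) when asked.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def seed(conn: sqlite3.Connection) -> None:
    """Constructed sample data: two users, each with their own projects."""
    conn.executemany("INSERT INTO users(id, email) VALUES (?, ?)",
                     [(1, "alice@example.com"), (2, "bob@example.com")])
    conn.executemany("INSERT INTO projects(id, user_id, name) VALUES (?, ?, ?)",
                     [(10, 1, "Alice Catalog"), (11, 1, "Alice's Drafts"),
                      (20, 2, "Bob Catalog")])
    conn.executemany("INSERT INTO taxonomy_nodes(project_id, label) VALUES (?, ?)",
                     [(10, "Electronics"), (10, "Books"), (20, "Garden")])
    conn.executemany("INSERT INTO chat_messages(project_id, body) VALUES (?, ?)",
                     [(10, "Split electronics into audio and video"),
                      (20, "Add outdoor tools")])
    conn.commit()


def find_projects(conn: sqlite3.Connection, user_id: int, name: str) -> list[str]:
    """Look up a project by name, scoped to the caller.

    user_id comes from the authenticated session, never from the request, so
    one user cannot read another's rows even with the right name. Both values
    are bound as parameters: the name is always data, never part of the SQL."""
    rows = conn.execute(
        "SELECT name FROM projects WHERE user_id = ? AND name = ? ORDER BY name",
        (user_id, name),
    ).fetchall()
    return [r[0] for r in rows]


def count_rows(conn: sqlite3.Connection) -> dict[str, int]:
    # Identifiers cannot be bound as parameters, so the table names come from
    # the fixed TABLES constant above, never from input.
    return {t: conn.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in TABLES}


def delete_user(conn: sqlite3.Connection, user_id: int) -> dict[str, int]:
    """Delete one account; CASCADE removes everything it owned.
    Returns the remaining row count per table so the caller can verify."""
    conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    conn.commit()
    return count_rows(conn)


def demo() -> dict:
    conn = open_db()
    seed(conn)
    result = {
        # Owner sees her project; a quote in a name is handled as data.
        "alice_catalog": find_projects(conn, 1, "Alice Catalog"),
        "apostrophe_ok": find_projects(conn, 1, "Alice's Drafts"),
        # Same project name, different session: isolation returns nothing.
        "bob_cannot_see_alice": find_projects(conn, 2, "Alice Catalog"),
        # A constructed probe string is compared literally, not executed.
        "probe_is_literal": find_projects(conn, 1, "' OR 1=1 --"),
        # Deleting Alice leaves only Bob's user, project, node and message.
        "after_delete_alice": delete_user(conn, 1),
    }
    conn.close()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same pattern carries over to Postgres unchanged apart from the placeholder syntax (`%s` or `$1` instead of `?`) and the foreign-key pragma, which Postgres does not need because it always enforces constraints.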
AI processing
Taxonomy generation is powered by the OpenAI API. Your data is sent to OpenAI only for real-time processing and is not used for model training.
- Uses the OpenAI API for taxonomy generation
- Data is sent to OpenAI for processing only -- not stored by OpenAI
- OpenAI API data is not used for model training by default
- No taxonomy data is retained by OpenAI after processing
- API requests are encrypted in transit
- Only the minimal context necessary is sent to the AI model
Compliance
Tag Taxonomy is built on SOC 2 certified infrastructure providers and is designed with GDPR compliance in mind.
- GDPR-ready: data export and deletion available on request
- SOC 2 Type II compliance via infrastructure providers (Neon, Clerk)
- No unnecessary data collection or tracking
- Cookie policy with clear opt-out mechanisms
- Data processing limited to the purposes described in our privacy policy
- Regular security review of third-party dependencies
Responsible disclosure
We take security vulnerabilities seriously. If you discover a potential issue, we encourage responsible disclosure.
- Report vulnerabilities to security@tag-taxonomy.app
- We acknowledge reports within 48 hours
- We aim to resolve critical issues within 7 days
- We will not pursue legal action against good-faith reporters
- We credit researchers who help improve our security (with permission)