Built for revenue leaders · powered by Anthropic Claude

Security

Built so your data is yours.

We're a small team, so we built the security stack into the foundation, not on top of it. Multi-tenant isolation in the database, AES-256 at rest, TLS in transit, and a clear roadmap for the controls procurement asks about.

Multi-tenant by design

Postgres row-level security on every table. Every query a user runs is automatically scoped to their organization via a SECURITY DEFINER helper function. There's no application code path that can read across orgs by accident.

Encrypted everywhere

AES-256 at rest on the database. TLS 1.2+ in transit on every connection. OAuth tokens encrypted via Supabase Vault. Anthropic API calls go over TLS, and their contents aren't added to Anthropic's training corpus.

US-only data residency

All customer data lives in the United States. Database in us-east-1. Edge functions on the Vercel US region. No replication outside the US. If you need a different region, talk to us.

Tenant isolation

How organizations stay separate.

Every table in the database has an organization_id column. Row-level security policies enforce that authenticated users can only SELECT, INSERT, UPDATE, or DELETE rows where organization_id = auth.user_org(). The helper function reads from the user's own row, which itself is protected by RLS.

This means: even a malicious user with full SQL injection capabilities can't access another tenant's data, because Postgres rejects the row at the storage layer before the query ever returns it. We don't rely on application code to enforce isolation. The database enforces it.
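
A minimal sketch of the pattern described above, as an added example rather than Outcome Engine's actual schema. The table names, the app_client role and the auth.uid() stand-in are assumptions; only organization_id and auth.user_org() come from this page. It is meant to be run as a superuser in a scratch PostgreSQL database.

```sql
-- Added example. Assumed names: app_users, deals, app_client, app.user_id.
CREATE SCHEMA IF NOT EXISTS auth;

-- Stand-in for Supabase's auth.uid(). In production the id must come from the
-- verified session token, never from a client-settable value like this one.
CREATE FUNCTION auth.uid() RETURNS uuid LANGUAGE sql STABLE AS
$$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

CREATE TABLE public.app_users (id uuid PRIMARY KEY, organization_id uuid NOT NULL);
CREATE TABLE public.deals (id serial PRIMARY KEY, organization_id uuid NOT NULL, name text);

-- Constructed sample data: one user and one deal in each of two organizations.
INSERT INTO public.app_users VALUES
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'),
  ('22222222-2222-2222-2222-222222222222', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb');
INSERT INTO public.deals (organization_id, name) VALUES
  ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'Org A deal'),
  ('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Org B deal');

-- SECURITY DEFINER helper: pin search_path so a caller cannot shadow the
-- objects it references, and schema-qualify everything inside the body.
CREATE FUNCTION auth.user_org() RETURNS uuid
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = '' AS
$$ SELECT organization_id FROM public.app_users WHERE id = auth.uid() $$;

-- ENABLE alone exempts the table owner; FORCE applies the policies to it too.
ALTER TABLE public.app_users ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.app_users FORCE ROW LEVEL SECURITY;
ALTER TABLE public.deals ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.deals FORCE ROW LEVEL SECURITY;

CREATE POLICY own_row ON public.app_users FOR SELECT USING (id = auth.uid());
-- USING filters reads, updates and deletes; WITH CHECK blocks writing a row
-- that carries another organization's id.
CREATE POLICY org_isolation ON public.deals
  USING (organization_id = auth.user_org())
  WITH CHECK (organization_id = auth.user_org());

-- Query as an unprivileged role: the policy filter is added to every statement.
CREATE ROLE app_client NOLOGIN;
GRANT USAGE ON SCHEMA auth TO app_client;
GRANT SELECT ON public.app_users, public.deals TO app_client;
SET ROLE app_client;
SELECT set_config('app.user_id', '11111111-1111-1111-1111-111111111111', false);
SELECT name FROM public.deals;
RESET ROLE;

-- Review checks: roles that bypass RLS entirely, and tables with RLS left off.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
SELECT relname FROM pg_class
WHERE relnamespace = 'public'::regnamespace AND relkind = 'r' AND NOT relrowsecurity;
```

The two review queries matter because superusers and roles with BYPASSRLS skip every policy, so any credential mapped to such a role sits outside the isolation guarantee.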

Authentication

Sign in, sessions, and 2FA.

Email + password authentication via Supabase Auth, with bcrypt-hashed passwords. Sessions are JWTs signed by your workspace's key, rotated automatically.

Two-factor authentication via TOTP (Google Authenticator, 1Password, Authy) ships on the Pipeline plan. SSO and SAML ship on the Enterprise plan — typically wired up in a single business day after we receive your IdP details.

Infrastructure

What we run, where it runs.

Database: Supabase (Postgres) in the US. Application: Next.js 16 on Vercel, US edge region. AI inference: Anthropic Claude (US data centers). Email: Resend (US infrastructure).

No third-party vendor receives bulk customer data. AI requests send only the specific deal context the user triggered — never the full database. Anthropic's agreement excludes customer data from its training corpus.

What's on the roadmap

The controls procurement asks about.

We're building toward the controls mid-market and enterprise procurement teams expect. Honest status:

  • Multi-tenant Postgres row-level security
    live
  • AES-256 encryption at rest, TLS 1.2+ in transit
    live
  • US-only data residency
    live
  • Encrypted OAuth token storage
    live
  • Anthropic no-training agreement
    live
  • Two-factor authentication (TOTP)
    live
  • SSO / SAML (Google Workspace, Microsoft Entra, Okta)
    Enterprise plan · ~1 day to wire up after IdP details received
    roadmap
  • Audit log of admin actions
    Enterprise plan · ships Q3 2026
    roadmap
  • Custom roles + permissions matrix
    Enterprise plan · ships Q3 2026
    roadmap
  • SOC 2 Type II
    Auditor engaged Q4 2026 if pipeline demands it
    roadmap

Legal

DPA, MSA, and other paperwork.

Customer-friendly templates available on request. We'll redline against your standard MSA. Typical turnaround: 2 business days for first markup, 5 days to executed agreement.

No BAA available yet (no HIPAA workloads supported). Outcome Engine isn't designed for healthcare data; if that's your use case, we're not the right fit.

Enterprise readiness

What procurement asks · what we ship today.

The controls + paperwork mid-market and enterprise legal teams expect. We tell you what's live, what's roadmap, and when — no hand-waving.

Subprocessors

The vendors that touch customer data.

Public list, updated whenever it changes. DPA includes 30-day notice on additions for Enterprise plans.

Vendor | Purpose | Region | Data sent
Supabase (Postgres + Auth + Storage) | Application database, auth, file storage | US-East (AWS) | All customer data at rest
Vercel | Application hosting, edge functions, cron | US (multi-region edge) | Request/response transit only
Anthropic (Claude API) | AI inference for update parsing + analysis | US data centers | Per-request deal context. No training corpus.
Resend | Transactional + campaign email delivery | US (AWS-backed) | Recipient email + message body
Postmark (optional) | Inbound email parsing (reply-to-deal) | US (Wildbit) | Inbound emails routed to our address
Instantly (Magic Engine only) | Cold-outreach outbound + reply webhooks | US | Outbound message + reply payloads

AI / model data handling

What we send to the model — and don't.

  • Per-request deal context only

    We send the specific deal, contact, and recent activity context the user just acted on. Never the full database.

  • No training on customer data

    Anthropic's commercial API terms exclude inputs and outputs from model training. We hold them to it contractually.

  • No third-party AI providers without disclosure

    If we ever add another model provider (e.g. for transcription), we update this list and notify Enterprise customers 30 days in advance.

  • Customer data stays in US data centers

    Anthropic's US-region API endpoints only. No EU / APAC routing without explicit customer opt-in.

Human-in-the-loop

AI never writes to your CRM unattended.

  • Confirm before save

    Every AI-parsed update renders as structured chips. Rep taps confirm to write. Nothing auto-posts.

  • Audit-log every write

    The audit log records who wrote what field, when, with what AI suggestion vs. final human edit. Admin-readable.

  • Workspace-admin autopilot policy

    Admins choose per-event: confirm-required, auto-with-notification, or off. Defaults to confirm-required.

  • Reversible writes

    Every AI-driven write can be undone for 7 days from the activity timeline. Audit trail preserved on undo.

Identity + access management

Who can do what, and what we record about it.

  • Role-based access — admin / manager / member
    Server-enforced via Postgres RLS. App-layer cannot escalate.
    live
  • Two-factor authentication (TOTP)
    Per-user toggle. Admin-enforceable workspace-wide on Suite+.
    live
  • Audit log of admin + sensitive actions
    Plan changes, role changes, deletions, share-link revocations, AI policy changes.
    live
  • Session expiry + revocation
    JWT refresh tokens rotate per request. Admin can sign out any user across all devices.
    live
  • SSO / SAML — Google Workspace, Microsoft Entra ID, Okta
    Enterprise plan · ~1 business day to wire up after IdP metadata received.
    roadmap
  • SCIM 2.0 user provisioning + deprovisioning
    Enterprise plan · ships Q4 2026.
    roadmap
  • Custom roles + per-field permission matrix
    Enterprise plan · ships Q4 2026.
    roadmap
  • IP-allowlist + device-trust policies
    Enterprise plan · evaluating Q1 2027.
    roadmap

Data lifecycle

Retention, export, deletion.

  • Customer-controlled retention
    Workspace admin sets retention policy per record type. Default: indefinite while subscription active.
    live
  • One-click data export
    JSON + CSV export of all org records via Settings → Workspace → Export.
    live
  • 30-day deletion grace period on cancel
    After cancellation, data is read-only for 30 days, then permanently deleted. Admin can request immediate purge.
    live
  • Per-record deletion + audit
    Deletions write to the audit log. Soft-delete + 30-day undo on most record types.
    live
  • GDPR data subject request workflow
    Enterprise plan · automated DSR export + erasure for EU contacts. Ships when first EU customer signs.
    roadmap

Compliance roadmap

Audits + certifications · honest dates.

  • Annual penetration test
    Independent third-party. Report available under MNDA.
    live
  • DPA, MSA, and customer-friendly redlines
    2 business days for first markup, 5 days to executed agreement.
    live
  • SOC 2 Type I
    Auditor engaged when committed Enterprise pipeline crosses $500K ARR. Target: 90 days from engagement.
    roadmap
  • SOC 2 Type II
    6-month observation window after Type I. Q4 2026 if pipeline supports it.
    roadmap
  • ISO 27001
    Re-evaluated post-SOC 2 if customer demand justifies.
    roadmap
  • HIPAA / BAA
    Not on roadmap. Outcome Engine isn't designed for protected health data.
    roadmap

Found a vulnerability?

Tell us, we'll fix it fast.

Email security@outcomeengineai.com with a description of the issue and steps to reproduce. We'll acknowledge within 24 hours and update you within 72 hours on remediation timing. We don't run a formal bounty program yet, but we're grateful and will credit responsible disclosure publicly.

Procurement questions?

We'll send a one-pager covering tenant isolation, encryption, vendor list, and roadmap. Usually returned same day.