Wholisphere
Security + trust

Trust center

For security teams evaluating Wholisphere. SOC 2 Type I in progress; full attestation expected within the year. Email security@wholisphere.ai for the security questionnaire (CAIQ + SIG Lite available).

Data flow

Every request takes the same five-step path:

  1. Edge entry — TLS 1.3 to a Cloudflare Worker. WAF + rate limit applied here.
  2. Auth — API key (SHA-256 hash lookup) or session cookie. Per-key IP allowlist + scope check.
  3. PII scrubbing — emails, phone numbers, SSNs, credit cards, JWTs are stripped from any text that may go to an LLM. Per-org regex extensions are appended.
  4. LLM call — routed to Gemini Flash / Pro / Claude based on task complexity + cost. Zero-retention configuration where the provider supports it.
  5. Audit — every billable invocation lands in audit_events with a trace ID. Customer audit log + webhooks fire from the same row.

Sub-processors

A current list of third parties that may process customer data on our behalf. Updated whenever we add or remove a sub-processor; subscribe to the changelog for notifications.

Sub-processor | Purpose | Region | DPA
Cloudflare | Edge compute (Workers), D1 SQLite, KV, R2 object storage, DNS, WAF | Global / EU / APAC region pinning available | DPA
Anthropic | LLM (Claude) for vision + complex reasoning | US (zero-retention API) | DPA
Google (Gemini API) | LLM (Gemini Flash / Pro) for routine tasks | US / EU (configurable) | DPA
Stripe | Billing + invoicing (no card data on our infra) | US + global | DPA
Resend | Transactional email (magic links, invites, digests) | US | DPA
Sentry | Error tracking + structured exception capture | EU instance available | DPA

Authentication + access

  • Email magic-link sign-in (no passwords stored)
  • Sessions in HTTP-only Secure cookies; 30-day sliding expiry
  • Google Workspace OIDC SSO with hosted-domain enforcement (Platform plans)
  • API keys: whk_* format, SHA-256 hashed at rest, plaintext shown once
  • Per-key IP allowlist (CIDR-based) and per-route scope enforcement
  • RBAC roles: owner / admin / editor / viewer / api
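
The API-key path from step 2 of the data flow and the bullets above (SHA-256 hash lookup, CIDR allowlist, scope check), as an added example that is not Wholisphere's own code. The record shape, scope names, reason strings and the empty-allowlist rule are assumptions; the key and addresses are constructed.

```javascript
const { createHash } = require('node:crypto');

// SHA-256 hex digest: the store holds this value, never the plaintext key.
const hashKey = (key) => createHash('sha256').update(key, 'utf8').digest('hex');

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside cidr. IPv4 only; malformed input never matches.
function inCidr(ip, cidr) {
  const m = /^([\d.]+)\/(\d{1,2})$/.exec(cidr);
  if (!m || Number(m[2]) > 32) return false;
  const a = ipv4ToInt(ip), b = ipv4ToInt(m[1]);
  if (a === null || b === null) return false;
  const size = 2 ** (32 - Number(m[2])); // addresses per block
  return Math.floor(a / size) === Math.floor(b / size);
}

// Constructed key store (hypothetical record shape): SHA-256(key) -> record.
const KEY_STORE = new Map([
  [hashKey('whk_constructed_example_key'),
    { org: 'org_demo', allow: ['203.0.113.0/24'], scopes: ['scan:read'] }],
]);

// Hash lookup, then IP allowlist, then scope; fails closed with a reason.
function authorize(apiKey, clientIp, scope, store = KEY_STORE) {
  if (typeof apiKey !== 'string' || !apiKey.startsWith('whk_')) {
    return { ok: false, reason: 'bad_format' };
  }
  const rec = store.get(hashKey(apiKey));
  if (!rec) return { ok: false, reason: 'unknown_key' };
  // Assumption: an empty allowlist means the key has no IP restriction.
  if (rec.allow.length > 0 && !rec.allow.some((c) => inCidr(clientIp, c))) {
    return { ok: false, reason: 'ip_not_allowed' };
  }
  if (!rec.scopes.includes(scope)) return { ok: false, reason: 'missing_scope' };
  return { ok: true, org: rec.org };
}
```

A prefix length that is missing or out of range is rejected instead of being read as /0, so a malformed allowlist entry cannot silently match every address.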

Data protection

  • All transport TLS 1.3 (HSTS preload submitted)
  • D1 / KV / R2 encrypted at rest by Cloudflare
  • PII scrubber runs on every text input bound for an LLM
  • Stripe-hosted billing (no card data on our infra)
  • Webhook signature verification: HMAC-SHA256 with timestamp + replay protection
  • Per-plan audit-log retention: free + pro 90d, platform 1yr, enterprise unlimited
  • 30-day deletion grace on DSAR requests; full export on demand

Operational

  • Structured logging with trace IDs spanning extension → backend → LLM
  • Sentry for error tracking; alert on 5xx > 1% over 5 minutes
  • Cron-driven uptime probes against /v1/health every minute; results power status.wholisphere.ai
  • Internal SLO dashboard with sampled per-route p50/p95/p99 latency + error rate
  • Webhook deliveries retried with exponential backoff (60s → 4h, 5 attempts)

Compliance

  • SOC 2 Type I — in progress with Drata; expected completion mid-year
  • HIPAA BAA — available on Platform + Enterprise plans
  • GDPR DPA — available on request; auto-included for EU-region orgs
  • EU data residency — eu.api.wholisphere.ai routes through EU-resident Workers + D1
  • VPAT 2.5 INT — auto-generated per-product from real findings (not vendor self-claims)

Marketing analytics

Our marketing site (wholisphere.ai) and docs use Plausible for aggregate traffic analytics. Plausible is cookie-free, GDPR/PECR/CCPA compliant by default, and stores no personal data. We see counts of page views and a small set of opt-in goal events (clicked the demo CTA, started signup, picked a pricing tier) — never individual visitor sessions.

The dashboard, extension, and embed widget contain no third-party analytics. The only telemetry we collect from authenticated customers is opt-in per-org, scoped to your own audit log, and exportable.

Reporting vulnerabilities

Found a security issue? Email security@wholisphere.ai. We acknowledge within 1 business day, fix critical issues within 30 days, and publish CVEs where applicable. Bug bounty in private beta — request scope at the same address.

For procurement / compliance reviews (SIG Lite, CAIQ, custom questionnaire), contact trust@wholisphere.ai.