Security & Privacy Overview

Find Your Great captures work activity from your tools to build performance evidence. Because that data is sensitive, security isn't bolted on — it's the architecture. Sensitive content is screened on your device before it ever leaves. Your data is double-encrypted with a key only your device holds. And you control exactly which apps are observed, what gets shared, and when it's deleted.

Security Architecture

On-Device Privacy Guard

A local AI model screens every capture before it leaves your computer, blocking 17 categories of sensitive content including credentials, financial data, government IDs, and PII. Fail-closed: uncertain verdicts are blocked, not allowed.

Double Encryption

Data is encrypted with AES-256-GCM using a key stored in your device's secure keychain, then wrapped with a server master key. A database breach alone can't expose your data — an attacker would need both keys. The server can only decrypt while your desktop app is running.
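
The layering described above, sketched as an added Node.js example (not Find Your Great's own code), showing that stored data opens only when both keys are present. Assumptions: the server layer also uses AES-256-GCM, random keys stand in for the keychain key and the server master key, and the blob layout, AAD labels and function names are hypothetical.

```javascript
// Added illustration, not product code. Key storage, the second-layer cipher,
// the blob layout and all names here are assumptions.
const crypto = require('node:crypto');

// AES-256-GCM seal: returns nonce || tag || ciphertext as one Buffer.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every message
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Inverse of seal(); throws if the key, the AAD or any byte of the blob is wrong.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12),
    { authTagLength: 16 });
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Distinct AAD per layer so a blob from one layer cannot be replayed as the other.
const INNER = Buffer.from('layer:device');
const OUTER = Buffer.from('layer:server');

// Device layer first (key never stored server-side), then the server layer.
function doubleEncrypt(deviceKey, serverKey, data) {
  return seal(serverKey, seal(deviceKey, Buffer.from(data), INNER), OUTER);
}

// Needs both keys: peel the server layer, then the device layer.
function doubleDecrypt(deviceKey, serverKey, stored) {
  return open(deviceKey, open(serverKey, stored, OUTER), INNER).toString();
}

// True if both layers authenticate, false if either GCM tag check fails.
function canDecrypt(deviceKey, serverKey, stored) {
  try { doubleDecrypt(deviceKey, serverKey, stored); return true; } catch { return false; }
}

// Constructed sample: random keys and a made-up record.
const deviceKey = crypto.randomBytes(32);
const serverKey = crypto.randomBytes(32);
const stored = doubleEncrypt(deviceKey, serverKey, 'constructed sample capture');
```
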

Selective Capture

Whitelist-only: you choose exactly which apps Find Your Great can observe. Only the frontmost whitelisted window is captured. Background windows are never seen. Screenshots are processed in memory and never written to disk.

User Control

You review every impact summary before it's shared. Pause capture with one button. Delete all data permanently at any time. Remote wipe deletes your encryption key instantly if a device is lost.

For full technical details, see Privacy & Security in Docs.

Infrastructure

  • Hosting: AWS us-east-2 (Ohio, USA)
  • Encryption in transit: TLS 1.2+ for all connections
  • Encryption at rest: AES-256-GCM with device-bound keys
  • Breach notification: Customers within 24 hours, supervisory authorities within 72 hours

Compliance

  • GDPR (Compliant): EU representative appointed, DPA available, Standard Contractual Clauses for cross-border transfers.
  • CCPA (Compliant): Full compliance with California Consumer Privacy Act and related US state privacy laws.
  • SOC 2 Type II (In Progress): Audit underway. Direct security assessments available on request in the interim.
  • ISO 42001 AI (Aligned): AI governance practices aligned with ISO 42001 standards for responsible AI management.
  • NIST AI RMF (Aligned): Risk management practices aligned with the NIST AI Risk Management Framework.

Trust Center

Access our complete security documentation, compliance certifications, and audit reports.