GUTSY
Gutsy, data, and you

Platform Infrastructure & Data Security Overview

Last Updated: May 1, 2026

Here's how Gutsy protects the privacy, integrity, and security of company information, using industry-standard tools and certified providers, to ensure that client data stays private, encrypted, and is never used to train AI models.

Security Safeguards

No AI Model Training on Client Data:

Your content is never used to train AI systems (Claude, ChatGPT, Gemini, and Perplexity).

Encrypted Data Everywhere:

Data is encrypted in transit and at rest using TLS 1.2+ and AES-256 standards.

Transient AI Processing Only:

Inputs sent to AI models are not stored after response generation.

Access Control & Isolation:

Role-based access, project-level isolation, and signed JWTs prevent unauthorized data exposure.

What Marketers & Agencies Need to Know

  • Your user and company data stays in Canada (structured data, history)
  • No part of your content trains outside AI models
  • All inputs are encrypted and access-controlled
  • Your files and AI chats are private
  • Infrastructure partners are SOC 2 and ISO-certified

Data Residency & Processing Flow

Persistent User Data:

Stored in Canada Central (AWS) via Supabase. Includes user accounts, project history, saved outputs, and structured research data. All data encrypted at rest (AES-256) and in transit (TLS 1.2+).

Application Logic:

Executed through Vercel (Washington D.C.). Handles routing, authentication, API orchestration, and serverless function execution.

AI & Search APIs (US-based, transient use only):

Inputs sent to API providers are processed transiently and never used for training.

  • ·Anthropic Claude
  • ·OpenAI ChatGPT
  • ·Google Gemini
  • ·Perplexity

File Uploads:

Stored in Vercel Blob Storage (Washington D.C.). Files are encrypted and access-controlled per project.

Certified Infrastructure Providers

Supabase (on AWS Canada Central):

Hosted in Canada Central region (PIPEDA-compliant). Benefits from AWS certifications: ISO 27001, ISO 27701, SOC 1, SOC 2, SOC 3, CSA STAR. Built-in Postgres database with row-level security (RLS).

Vercel:

SOC 2 Type II compliant. Per-deployment isolation, encrypted secrets, access-controlled environments.

AI Technology Providers:

  • ·Anthropic — SOC 2 Type II certified, no training on API data
  • ·OpenAI — SOC 2 Type II certified, enterprise data handling
  • ·Google — ISO 27001, SOC 2, no training on Workspace API data
  • ·Perplexity — Encrypted in transit, transient processing only

No training on API data. SOC 2 Type II certified. Data handling policies published and monitored.