Privacy is not a feature.
It's the architecture.
EdgePype is designed so that your conversations, your data, and your models stay under your control — by default, not by policy.
How your data is protected
Four layers of protection ensure your data stays yours at every stage.
Local Inference
Your model runs entirely on your device via WebGPU. Messages never leave your machine — not even we can see your conversations.
Training Data Deleted
Your examples are used only during training, then permanently deleted from our servers within 24 hours. No exceptions.
Encrypted Storage
Model files are encrypted at rest on Cloudflare R2 with AES-256. Data in transit is protected by TLS 1.3 end-to-end.
No Data Selling
We never sell, share, or use your data to train our own models. Your data exists for one purpose: building your custom AI.
Built on trusted infrastructure
Every component in our stack is chosen for security, reliability, and compliance.
Supabase
SOC2 Type II compliant database hosting
Authentication and application data stored on Supabase infrastructure with row-level security, encrypted backups, and SOC2 Type II certification.
Cloudflare R2
AES-256 encryption at rest
Model files stored on Cloudflare R2 with automatic encryption at rest, distributed globally for fast downloads, and strict access controls.
Stripe
PCI DSS Level 1 certified
All payment processing handled by Stripe, the highest level of PCI compliance. We never store credit card numbers on our servers.
RunPod
Isolated GPU workers, data purged after job
Training runs on isolated A100 GPU instances. Each job gets a fresh environment. All data — training examples, intermediate files, model artifacts — is purged from the worker immediately after upload.
Enterprise-grade security
For teams that need the highest level of control over their AI infrastructure.
Bring Your Own Infrastructure
Run the training pipeline on your own GPU hardware. Your data never touches third-party cloud infrastructure.
Custom Data Retention
Configure data retention policies to match your compliance requirements. Delete on demand or set automatic schedules.
SSO / SAML
Coming soonEnterprise single sign-on with your existing identity provider. SAML 2.0 and OIDC supported.
Dedicated Support
Priority support channel with guaranteed response times. Dedicated security contact for your team.
Compliance roadmap
We are building toward formal certifications. Here is where we stand.
SOC2 Type II
PlannedFull SOC2 Type II audit planned for when annual recurring revenue exceeds $500K. We are building with SOC2 controls from day one.
GDPR DPA
AvailableData Processing Agreement available on request for EU customers. Our architecture is designed for data minimization by default.
HIPAA BAA
Coming SoonBusiness Associate Agreement for healthcare customers on the Business plan. Local inference means PHI never leaves the provider's device.
What happens to your data
Deleted within 24 hours of model completion. Never stored permanently.
Generated during training, deleted immediately after. Not retained.
Stored encrypted on R2 while your subscription is active. Deleted 60-150 days after cancellation.
Never stored on our servers. All chat runs locally via WebLLM on your device. We have zero access.
Questions about security?
We take security seriously. If you have questions about our practices, need a DPA, or want to discuss enterprise requirements, reach out.
security@edgepype.com