Data protection
ActiveProvider credentials are encrypted at rest, access is scoped by organization, and customer content is handled only to provide the configured product workflow.
Work in progress
Trust Center
A practical view of how Hyperlocalise handles security, subprocessors, and certification work while the formal trust program matures.
Security
Built for controlled localization workflows
Hyperlocalise is designed around scoped access, encrypted credentials, and explicit provider connections rather than broad default access to customer systems.
Access controls
ActiveAuthentication and organization membership checks gate access before workspace data or connected provider resources are available.
Vendor review
In progressWe are documenting operating controls, subprocessors, and evidence needed for security reviews as the product matures.
Subprocessors
Core vendors used to operate Hyperlocalise
This lite list covers platform-operated subprocessors. Customer-configured AI providers, translation management systems, repositories, and chat tools are used only when a customer connects them.
| Subprocessor | Purpose | Data processed | Primary processing location |
|---|---|---|---|
| Vercel | Application hosting, serverless compute, workflow execution, and file storage | Application data, uploaded files, logs, and operational metadata | Global infrastructure |
| PlanetScale | Managed PostgreSQL database hosting and persistent data storage | Account, organization, project, localization workflow, and application metadata stored in the platform database | United States |
| WorkOS | Authentication, session management, and organization membership | Account identity, organization membership, and session metadata | United States |
| Resend | Transactional email and email-based product workflows | Email addresses, message metadata, and email content sent through configured workflows | United States |
| Autumn | Billing, subscription, and usage orchestration | Account, subscription, entitlement, and usage metadata | United States |
| OpenAI | AI-assisted translation, review, and localization workflow support | Customer content, prompts, context, and model outputs processed for enabled AI features | United States |
Certification
Formal security work is underway
We are building toward a formal security program, including SOC 2 readiness work. Certifications and independent assessments will be published here as they become available.
SOC 2
Security program in progress
ISO 27001
Under consideration
Penetration testing
Planned
Security questionnaire
Available on request
Data handling
Customer-controlled integrations
Hyperlocalise processes customer content to run localization workflows and connected automations.
Source strings, translations, context, prompts, model outputs, and provider metadata may be processed when those workflows are enabled by the customer.
AI providers, translation management systems, repositories, and chat platforms are not treated as default platform subprocessors here because customers choose whether to connect them and which accounts or projects are in scope.
Need security details for a review?
Contact us for current security information, vendor review questions, or certification roadmap details.