Encryption at rest: All photos and documents stored with AES-256 encryption on Cloudflare R2.
Encryption in transit: TLS 1.3 on all connections. No unencrypted traffic.
Data residency: Database in US-East (Neon PostgreSQL). Files on Cloudflare global network.
Access control: Role-based permissions (Reader, Contributor, Editor, Admin). Full audit trail.
| Service | What it receives | Data retention |
|---|---|---|
| Google Gemini | Image pixels for analysis | Not stored (per Google API ToS) |
| Google Vision | Image pixels for face detection | Not stored (per Google API ToS) |
| Replicate | Image pixels for restoration | Deleted after processing |
| Neon PostgreSQL | Metadata only (no image bytes) | Persistent (your database) |
| Cloudflare R2 | Encrypted image storage | Until you delete |
GDPR: Right to access, right to erasure, right to portability. Export or delete your data at any time.
CCPA: We never sell your data. Right to know and right to delete are supported.
HIPAA: FutureLink is not HIPAA-certified. Do not use for clinical or protected health information.
No tracking: No analytics, no third-party cookies, no advertising trackers.
Your photos are never used for AI training.
Export your data: Download all your photos, documents, and metadata at any time from Settings.
Delete your account: Remove all your data permanently from Settings. 30-day grace period.
Audit log: Admins can view a full log of who did what and when.
Questions about security? Contact us at security@merivant.com