Data architecture
Per-user isolation
Your voice fingerprint lives in your isolated user profile. Never blended with other accounts. Never used for shared training.
Encryption at rest
All stored data encrypted with AES-256. Voice patterns, metadata, settings. Database-level encryption with rotated keys.
Encryption in transit
TLS 1.3 for every connection between client, server, and Gmail API. No exceptions.
What we store
Voice patterns (sentence rhythm, vocabulary, signoffs). Relationship metadata. Pranan-generated drafts pending your review.
What we don't store
Original email bodies stay in Gmail. We extract patterns, not content. The fingerprint can't be reverse-engineered to recover emails.
Per-recipient opt-out
Mark any contact or domain as no-AI. Pranan won't draft, analyze, or surface threads from those addresses.
Compliance posture
SOC 2 Type II
In progress. Audit window opened Q1 2026. Available on request once final report lands.
GDPR by design
EU data residency available on request. Right to access, rectification, erasure, portability all supported via API.
Data deletion
Cancel anytime. Voice fingerprint deleted within 30 days. Drafts pending review are kept until you handle them.
Sub-processors
Vercel (hosting), Supabase (storage), Groq (inference), Inngest (background jobs). Full list available on request.
Single-tenant deployment
Available on Enterprise plans. Dedicated infrastructure, isolated database, dedicated inference. Talk to us.
No vendor lock-in
Voice fingerprint exportable on request. Drafts can be archived. Cancellation never traps your data.
Have a security review?
Send us your security questionnaire and we'll respond within two business days. Most reviews complete in under a week.