What is DIVORSAY's SOC 2 compliance status?

DIVORSAY's SOC 2 Type I audit is planned but not yet completed. We have mapped 46 SOC 2 controls with 91% implemented and maintain immutable audit logs, access reviews, and incident response procedures. Our infrastructure partners (Supabase, Vercel, Stripe) maintain SOC 2 Type II compliance.

AES-256 · Security & Trust

Your story is safe with us.

Q: What happens if DIVORSAY detects a crisis in my messages?

All AI tools in DIVORSAY automatically scan for crisis keywords. If detected, DIVORSAY immediately surfaces the 988 Suicide and Crisis Lifeline and the National Domestic Violence Hotline. This safety feature cannot be disabled.

Your divorce documents. Your custody notes. The text message you can’t show anyone else. We built DIVORSAY so that the only person who ever sees what you upload is you — and the lawyer you choose to share it with.

01· Control

AES-256-GCM encryption

Everything you upload is encrypted with AES-256-GCM before it touches our database, and protected with TLS 1.3 in transit. Documents are accessible only to your account; admin access is logged and reserved for support escalations you've initiated.

02· Control

Your account, your data only

Row-Level Security at the database level means your data physically cannot touch another user's session — even if someone tried. This isn't enforced by code, it's enforced by the database itself.

03· Control

A record nobody can rewrite

Every action on your account — AI conversations, uploads, logins, exports — is written to an append-only log. It can't be deleted or altered. 3-year retention minimum, so your evidence trail stays intact.

04· Control

Someone's watching out for you

If you ever write something that suggests you're in danger — suicidal thoughts, domestic violence, self-harm — we pause and route you to the 988 Lifeline or the National Domestic Violence Hotline. Immediately. This cannot be disabled.

05· Control

AI that knows its role

Every AI response passes through a compliance gate that prevents our tools from pretending to be a lawyer. The “not legal advice” reminders are added on our server — nobody, not even us, can remove them.

06· Control

Infrastructure you can audit

Hosted on Vercel (edge network) with Supabase (PostgreSQL + Auth). TLS 1.3 in transit. HSTS preload. CSP with violation reporting. Rate limiting on every endpoint. No shortcuts.

Controls · Live in production

Security controls.

Encryption at Rest

AES-256-GCM

Encryption in Transit

TLS 1.3

Row-Level Security

All tables

Audit Logging

Immutable, 3-year retention

Rate Limiting

All API endpoints

Input Validation

Zod schemas on all routes

Crisis Detection

24 patterns, all AI tools

Jailbreak Prevention

10 patterns + 200 test cases

CCPA Compliance

Data export + deletion

Dual-Spouse Isolation

Database-level enforcement

Certifications & audits

Where we stand.

SOC 2 Controls

46 controls mapped (91% implemented)

Active

SOC 2 Type I

Planned — pending audit engagement

In Progress

Penetration Test

Scope defined — vendor selection in progress

In Progress

HIPAA Assessment

Under legal review

In Progress

Infrastructure · Partners

Built on the shoulders of giants.

Supabase

SOC 2 Type II certified

Vercel

SOC 2 Type II certified

Anthropic

AI model provider

Stripe

PCI DSS Level 1

FAQ · Security

Frequently asked questions.

Yes. DIVORSAY uses AES-256 encryption for all data at rest and TLS 1.3 for all data in transit. Sensitive fields like financial data and document URLs are additionally encrypted at the application layer.

No. DIVORSAY never sells, shares, or monetizes your personal data. We comply with CCPA requirements including data export and account deletion on request.

DIVORSAY enforces Row-Level Security at the database level. Every query is automatically filtered to your account only. One spouse can never access another spouse's data — enforced by the database itself, not just application code.

All AI tools automatically scan for crisis keywords. If detected, DIVORSAY immediately surfaces the 988 Suicide and Crisis Lifeline and the National Domestic Violence Hotline. This safety feature cannot be disabled.

DIVORSAY's SOC 2 Type I audit is planned but not yet completed. We have mapped 46 SOC 2 controls with 91% implemented. Our infrastructure partners (Supabase, Vercel, Stripe) maintain SOC 2 Type II compliance.

Still have questions?

Email our security team.

Whether you’re a worried user wondering who sees your data, or an enterprise compliance team doing due diligence — we answer every security email personally.

Email Security Team

DIVORSAY is a technology platform, not a law firm. Security certifications listed reflect the status of our infrastructure partners. Our own SOC 2 certification is in progress.

One moment…

Security controls.

Encryption at Rest

AES-256-GCM

Encryption in Transit

TLS 1.3

Row-Level Security

All tables

Audit Logging

Immutable, 3-year retention

Rate Limiting

All API endpoints

Input Validation

Zod schemas on all routes

Crisis Detection

24 patterns, all AI tools

Jailbreak Prevention

10 patterns + 200 test cases

CCPA Compliance

Data export + deletion

Dual-Spouse Isolation

Database-level enforcement

Frequently asked questions.

No. DIVORSAY never sells, shares, or monetizes your personal data. We comply with CCPA requirements including data export and account deletion on request.

Email our security team.

Whether you’re a worried user wondering who sees your data, or an enterprise compliance team doing due diligence — we answer every security email personally.

DIVORSAY is a technology platform, not a law firm. Security certifications listed reflect the status of our infrastructure partners. Our own SOC 2 certification is in progress.