Trust
Trust Center
How we keep your data secure and private — our security practices, the vendors we rely on, and our commitment to responsible AI.
Encryption
Traffic is served over HTTPS/TLS, and data is encrypted in transit. Our database provider encrypts data at rest.
Managed infrastructure
We run on Vercel and Neon — reputable, security-focused platforms — rather than self-managed servers.
Payment safety
Card payments are handled by Stripe. We never see or store full card numbers.
Responsible AI
AI assists people; it never replaces human judgment, responsibility, or creativity.
Last updated: June 23, 2026
Our commitment
Trust is the foundation of our work. We hold ourselves to a simple standard: collect only what we need, protect what we hold, and use AI in a way that keeps humans in control. This page summarizes how we approach security, privacy, and responsible AI.
Security practices
- Encryption in transit (HTTPS/TLS) across the site;
- Data stored in a managed, access-controlled PostgreSQL database with encryption at rest;
- Passwords stored only as salted one-way hashes — never in plain text;
- Secrets and credentials kept in a secured secrets manager, separate from our source code;
- Least-privilege access and reputable, security-focused infrastructure providers;
- Bot and spam protection on public forms via Cloudflare Turnstile.
Data privacy
We practice data minimization and use your information only to provide and improve the Services. We do not sell personal information, and we do not use the content of your inquiries to train AI models. For the full picture of what we collect and your rights, see our Privacy Policy and Cookie Policy.
Subprocessors
We rely on a small set of trusted vendors to operate the Services. Each processes data only as needed for its function:
| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Website hosting, delivery, and analytics | United States |
| Neon | Managed PostgreSQL database | United States |
| Stripe | Payment processing (PCI-DSS compliant) | United States |
| Resend | Transactional and notification email | United States |
| Cloudflare | Spam protection (Turnstile) and network security | Global |
| Calendly | Scheduling assessment and follow-up calls | United States |
| Anthropic | AI model provider for optional AI-assisted analysis | United States |
Payments
All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Card details are entered on Stripe’s secure checkout — Comonic never receives or stores your full card number.
Responsible AI
Comonic exists to help people use AI well. AI should eliminate drudgery and expand human capability — but never replace human judgment, responsibility, or creativity. Our AI-assisted outputs are recommendations for a human to review and decide on, not automated decisions made about you.
Report a vulnerability
If you believe you’ve found a security issue, we want to hear from you. Please email support@comonic.org with details, and allow us reasonable time to investigate and respond before any public disclosure. We appreciate responsible disclosure.
We align our practices with GDPR and CCPA principles.