Data security

Your account and assessment data are stored in the European Union (Frankfurt, eu-central-1) on Supabase, running on Amazon Web Services. Data is not moved out of the EU for storage.

All traffic to BoardReady runs over HTTPS/TLS, enforced with HSTS. Your stored data is encrypted at rest by our database infrastructure. Passwords are never stored in plain text — they are hashed with bcrypt.

Every request is checked so you can only ever access your own organisation’s data — your risk assessments, board and governance data are isolated per account. Administrative access is restricted and separately authenticated. We apply browser security headers (including clickjacking and content-type protections) across the application.

BoardReady runs on infrastructure from Supabase and Amazon Web Services, which maintain independent security certifications including SOC 2 and ISO 27001. We do not run our own servers.

BoardReady uses Anthropic’s Claude to generate analysis from the content you submit. Under Anthropic’s commercial API terms, your data is used only to return your analysis and is not used to train AI models. We do not send your data to any other AI provider.

We do not sell, rent, or trade your data to anyone. We use a small set of named subprocessors (database, hosting, AI, email, payments, analytics) purely to run the service — they are listed in our privacy policy.

You can request a copy of your data, or deletion of your account and all associated data, at any time by emailing contact@earlywarningindex.com. We action deletion within 30 days.

If you believe you have found a security vulnerability, please email contact@earlywarningindex.com. We take every report seriously and will respond promptly.