Trust Center

Security & Compliance Overview

Stereos is built on a security-first infrastructure stack. We are actively aligning to SOC 2 principles and preparing for formal audit. This page describes our current security posture — not a certification claim.

Implemented

Encryption at Rest

AES-256 encryption for all stored data via Neon (PostgreSQL) and Cloudflare.

Enforced

MFA Enforced

Multi-factor authentication required for all internal systems and production access.

Default On

Zero Data Retention

AI Gateway configured with ZDR by default — prompts and responses are not stored by Cloudflare.

Targeted Q4 2026

SOC 2 Type I

Actively aligning controls to SOC 2 Trust Service Criteria. Formal audit targeted Q4 2026.

Security Philosophy

Stereos is designed from the ground up to handle sensitive LLM usage data. We minimize what we collect, maximize what we protect, and make our practices visible to customers without NDAs.

Our infrastructure is 100% serverless and built on providers with industry-leading security certifications. We inherit and extend their security controls rather than re-inventing them.

We do not train AI models on customer data. We do not sell data. We do not log LLM prompts or responses by default — our AI Gateway is configured with Zero Data Retention enabled out of the box.

Infrastructure Providers

Cloudflare: Edge, AI Gateway, Zero Trust, DLP
Vercel: Frontend hosting & serverless functions
Neon: PostgreSQL database (region-locked)
Stripe: Payment processing

Security questions? james@trystereos.com