Data Security & Confidentiality

This document describes how Lodestellar protects customer data uploaded to the platform, including documents, verification results, and associated metadata.

Data Architecture Overview

Customer data resides in two locations:

  • Primary storage (EU) — All customer data (uploaded documents, verification results, user accounts, organization settings) is stored on servers located in Amsterdam, Netherlands. This includes the application database and file storage.
  • AI processing (US) — When documents are analyzed, their content is sent to AI service providers via API for processing. This data is transmitted to and processed in the United States.

No customer data is stored or processed in any other location.

AI Provider Data Protection

Document analysis is performed through OpenAI's API. The following protections apply:

  • No model training — OpenAI is contractually bound not to use customer data for model training or any purpose other than providing its services to Lodestellar. This is enforced both through API terms of service and our Data Processing Agreement.
  • Limited retention — OpenAI retains API inputs and outputs for up to 30 days solely for abuse and safety monitoring, after which data is automatically deleted.
  • No human review — Customer data is not reviewed by OpenAI employees unless required to investigate a specific abuse or safety concern.
  • DPA in place — We maintain a Data Processing Agreement with OpenAI, covering GDPR obligations, data handling requirements, and security commitments.
  • Provider certifications — OpenAI maintains SOC 2 Type II, ISO 27001, ISO 27018 (protection of PII in public clouds), and ISO 27701 (privacy information management) certifications.

Only the content necessary for analysis is sent to OpenAI. Database identifiers, user credentials, and organization metadata are never transmitted.

Infrastructure Security

Our infrastructure is hosted on Railway, a SOC 2 Type II certified platform.

Encryption at rest — All stored data is encrypted at rest at the storage level. Service secrets and environment variables receive an additional layer of envelope encryption using AES-256-GCM with per-environment encryption keys.

Encryption in transit — All data transmitted between users and our servers is protected by TLS (minimum version 1.2, TLS 1.3 preferred). Plain HTTP requests are automatically redirected to HTTPS. Database connections and internal service communication are also encrypted.

Physical security — Infrastructure runs on dedicated hardware in colocation facilities in Amsterdam operated by enterprise-grade providers with SOC 2 certified physical security programs, including multi-factor access controls and 24/7 security staff.

Backups — Automated database backups are performed daily and retained for a limited period to support disaster recovery.

Data Isolation

Lodestellar is a multi-tenant platform with strict data isolation between organizations.

  • Each organization's data is isolated at both the application and database levels. No operation can access data belonging to another organization.
  • Role-based access control (RBAC) restricts what users can do within their organization.
  • Authentication is passwordless via email magic links, valid for 15 minutes and single-use. No user passwords are stored.
  • Sessions are signed JWTs delivered in HTTP-only secure cookies, expire after 7 days, and cannot be accessed by client-side scripts.
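
As an added example that is not Lodestellar's own code, the login flow described in the two bullets above implemented with only the Python standard library: a single-use magic-link token valid for 15 minutes, then an HS256-signed session JWT that expires after 7 days and is delivered in an HttpOnly, Secure cookie. The in-memory token store, the per-environment signing key, the claim names, and the choice to store only a SHA-256 hash of the magic-link token (so a database leak yields no usable links) are assumptions made for this example.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumptions for this example: a random per-environment signing key and an
# in-memory store; a real deployment would keep both in the database / secret store.
SESSION_KEY = secrets.token_bytes(32)
MAGIC_LINK_TTL = 15 * 60        # 15 minutes, as stated in the bullet above
SESSION_TTL = 7 * 24 * 3600     # 7 days, as stated in the bullet above

_pending = {}   # sha256(token) -> (email, expires_at); only the hash is stored

def issue_magic_link(email, now=None):
    """Create a single-use token; return the raw token for the e-mail, store only its hash."""
    now = now if now is not None else time.time()
    token = secrets.token_urlsafe(32)
    _pending[hashlib.sha256(token.encode()).hexdigest()] = (email, now + MAGIC_LINK_TTL)
    return token

def redeem_magic_link(token, now=None):
    """Validate exactly once: unknown, already-used and expired tokens all fail closed."""
    now = now if now is not None else time.time()
    entry = _pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)  # pop => single use
    if entry is None:
        return None
    email, expires_at = entry
    return email if now <= expires_at else None

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def mint_session_jwt(email, now=None):
    """HS256 JWT with a 7-day exp claim, signed with the environment's key."""
    now = int(now if now is not None else time.time())
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": email, "iat": now, "exp": now + SESSION_TTL}).encode())
    sig = hmac.new(SESSION_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_session_jwt(token, now=None):
    """Recompute the MAC with our own key (the alg header is never trusted) and check exp."""
    now = int(now if now is not None else time.time())
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SESSION_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected), sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims["sub"] if now < claims["exp"] else None

def session_cookie_header(jwt):
    """Set-Cookie attributes matching the bullet: HttpOnly, Secure, 7-day lifetime."""
    return f"Set-Cookie: session={jwt}; Max-Age={SESSION_TTL}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

Because the browser refuses to expose an HttpOnly cookie to scripts, a cross-site scripting bug on the page cannot read the session token, and the server-side `exp` check bounds how long a leaked cookie stays useful.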

Internal access — Production data access is limited to the founding team (2 people) and is used only for operational purposes such as troubleshooting and support.

Data Retention & Deletion

  • Uploaded documents and verification results are retained for up to one year and are deleted upon account closure.
  • Users can delete their data at any time through the platform interface.
  • Upon contract termination, all associated data is deleted within a reasonable period in accordance with our Privacy Policy. Deleted data may persist in encrypted backups for a short retention period, after which it is automatically purged.
  • A current list of sub-processors is available upon request.

Full terms are published at lodestellar.com/terms-and-conditions and lodestellar.com/privacy-policy.

GDPR Compliance

  • EU data residency — All primary data storage and processing occurs within the European Union (Amsterdam, Netherlands).
  • International transfers — Data sent to US-based AI providers for processing is protected by Standard Contractual Clauses (SCCs) and Data Processing Agreements in accordance with GDPR Chapter V requirements.
  • Data subject rights — We support access, correction, deletion, portability, restriction, and objection requests. Requests are fulfilled within 30 days.
  • Data Processing Agreements — Available to customers upon request.
  • Supervisory authority — Our lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

Incident Response

In the event of a data breach that poses a risk to customer data, we will:

  • Notify affected customers within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
  • Provide details of the nature of the breach, the data affected, and the measures taken to address it.
  • Cooperate fully with customer security teams during investigation and remediation.

Questions

For security inquiries or to request our DPA or sub-processor list, contact us at info@lodestellar.com.
