Security worth
showing IT.
Encryption, isolation, audit logs. Nothing autonomous without your approval.
How Alfred protects your data
Six commitments
that aren’t theater.
We’re not going to pretend we’re Fort Knox. We’re an early-stage product. But here’s what we actually do — written without compliance buzzwords.
Enterprise-grade hosting
Supabase Pro on AWS US-East. Daily encrypted backups. 99.9% uptime target.
Encrypted end-to-end
TLS 1.2+ in transit. AES-256 at rest. No exceptions.
Per-org data isolation
Postgres row-level security. Other customers cannot see your data. Period.
Approval queue, every send
Alfred drafts. You approve. Every send logged with timestamp and approver.
You own your data
Export everything as CSV any time. Delete your account and we purge in 30 days.
Audit-ready logging
Every send, approval, and login logged for 12 months. Exportable on request.
An honest note
We’re an early-stage company. We don’t have SOC 2 Type II yet (it’s on the 2026 roadmap). We don’t have ISO 27001. We can’t honestly claim a 99.99% SLA — we’re building toward 99.9%.
What we do have: encryption at rest and in transit, per-org data isolation enforced at the database level, a full audit trail, and an approval queue that means nothing autonomous goes out without you tapping approve.
If your compliance team needs more, email hello@alfred-intelligence.com and we’ll send our security posture documentation under NDA, walk through your specific requirements, and tell you honestly whether we’re ready for your environment.
Frequently asked
Specifics, not slogans.
Primary database is Supabase Pro on AWS US-East. Backups are encrypted and retained for 7 days for point-in-time restore. We do not replicate to non-US regions without explicit customer agreement.
Production database access is limited to two named engineers under signed confidentiality. We do not browse customer data for fun, never use real customer messaging in marketing, and never train models on your data without explicit opt-in.
We purge your contacts, message history, and journey data within 30 days. Audit logs are kept for 12 months for compliance, then permanently deleted. You can request immediate deletion of all data at any time.
Not yet — SOC 2 Type II is on our 2026 roadmap. If your organization requires SOC 2 before contract, contact us. We can share our full security posture documentation under NDA and walk through your specific requirements.
It cannot — without your explicit approval. Every message Alfred drafts queues in your approval inbox. You see the recipient, the content, the trigger, and the timing before you tap approve. Alfred never auto-sends a draft.
Multi-factor authentication is available on every plan. Suspicious login locations trigger alerts. Failed-attempt rate limiting blocks brute-force attacks. We recommend enabling MFA on all owner-tier accounts.
We run on enterprise-grade infrastructure (Supabase Pro + AWS) with encryption at rest and in transit, per-org data isolation, and a full audit trail. We don't currently hold SOC 2 or ISO 27001 certifications — that's our honest answer. If your compliance team needs specifics, email hello@alfred-intelligence.com and we'll walk through it.
Trust is the product.
Try Alfred risk-free.
14-day free trial. No card. No pressure. If we’re not the right fit for your compliance posture, we’ll tell you ourselves.