Security & Compliance

Built for enterprise security & compliance

DMHub is designed with security at its core — encryption everywhere, granular access controls, audit logs, and a transparent sub-processor list so your procurement team can close fast.

SOC 2 Type II

In progress

GDPR Compliant

Since Jan 2025

AES-256 Encryption

At rest & in transit

99.9% Uptime Target

Live status →

Compliance frameworks

Current certification status across regulatory and industry frameworks.

Framework	Status	Scope	Since	Report
SOC 2 Type II	In progress	Security, Availability, Confidentiality	—	Available on completion
GDPR	Certified	All EU personal data processing	January 2025	—
CCPA	Certified	California resident personal information	January 2025	—
TCPA	Certified	SMS & voice communications to US consumers	March 2025	—
HIPAA	N/A	DMHub is not a covered entity; health data processing requires a BAA	—	—
ISO 27001	In progress	Information security management system	—	Available on completion
PCI DSS	N/A	Payment card data is processed directly by Stripe; DMHub does not store card numbers	—	—
CAN-SPAM	Certified	All commercial email sent from the platform	January 2025	—

Enterprise customers can request a copy of our SOC 2 report once issued. Contact security@dmhub.ai

Sub-processor matrix

DMHub uses 14 third-party sub-processors to deliver its services. Each processor is under a Data Processing Agreement (DPA) and reviewed annually.

Processor	Purpose	Region	DPA
Vercel	Hosting and edge compute — serves the Next.js application globally	US, EU (data residency configurable)	DPA
Neon	Primary PostgreSQL database — stores all platform data at rest	US (us-east-1)	DPA
Stripe	Payment processing and subscription billing	US, EU	DPA
Twilio	SMS and WhatsApp messaging delivery	US, EU	DPA
Resend	Transactional email delivery (receipts, notifications)	US	DPA
Cloudflare R2	Object storage for user-uploaded files and media	US, EU (configurable)	DPA
Pusher	Real-time WebSocket events for live conversation updates	US, EU	DPA
Inngest	Background job queue and scheduled cron functions	US	DPA
Upstash	Redis cache and rate-limiting store	US, EU	DPA
Loops	Marketing email sequences and lifecycle messaging	US	DPA
PostHog	Product analytics and event tracking	US, EU (EU Cloud available)	DPA
Sentry	Error monitoring and performance tracing	US, EU	DPA
OpenAI	AI language model inference for AI Agents and Wizard features	US	DPA
Anthropic	AI language model inference (Claude) for AI Wizard features	US	DPA

Last updated: May 2026

View full sub-processor list with data types & certifications

Security controls

19 of 20 controls implemented across encryption, access control, monitoring, and more.

Encryption

Encryption at rest
Encryption in transit
Secrets management
Integration credential encryption

Access Control

Multi-factor authentication
Role-based access control (RBAC)
Single sign-on (SSO)
Session management

Monitoring & Logging

Audit log
Error monitoring
Uptime monitoring
Rate limiting

Secure Development

Dependency management
Static analysis
Responsible disclosure program

Incident Response

Incident response plan
Breach notification

Business Continuity

Database backups
Disaster recovery
Redundancy

View detailed security controls

Uptime & incidents

Real-time status across all DMHub subsystems.

99.9%

Uptime target (SLA)

Live uptime tracking across database, cache, payments, and real-time subsystems.

View live status

No incidents in the last 90 days

All incidents, maintenance windows, and postmortems are published publicly on the status page as they happen.

View incident history

Privacy & data

Documentation covering how we handle, protect, and share your data.

How we collect, use, and retain personal data.

Data Processing Agreement

Our standard DPA for GDPR Article 28 compliance.

Cookie Policy

Types of cookies we use and how to opt out.

Security contact

Found a vulnerability? We have a responsible disclosure program with safe-harbor protections. We acknowledge reports within 2 business days and keep you updated throughout the remediation process.

security@dmhub.ai Disclosure policy

Request our SOC 2 report

Our SOC 2 Type II audit is in progress. Enterprise customers can request the report once issued — it will be shared under NDA.

Request report

Last updated: May 2026 · Questions? security@dmhub.ai