Trust · governance

Trust, stated honestly.

Scopes, redaction, audit, indexing posture, compliance roadmap, and incident handling — in one place.

What we read

Project shape — graph, structure, decision and lesson candidates. Not source contents by default.

What we store

Stream events, Atlas nodes and edges, citations, and Capsule manifests. Encrypted at rest.

Scopes

Personal, project, team, client, agent-visible. Boundaries enforced in product.

Redaction

Author-visible diff between source slice and recipient view. Capsules and cross-scope promotions both.

Audit

Promotions, opens, revocations, and agent actions logged. Exportable to SIEM.

Local-only mode

Available on Enterprise. No calls to ContextStream cloud during indexing or recall.

02 Subprocessors

Who we rely on to run the service.

We use the following subprocessors to operate ContextStream. Material additions trigger advance notice for Enterprise customers; the list is updated when it changes.

Cloudflare

CDN, Workers, and R2 object storage for the web client and marketing surfaces.

Hivelocity

Bare-metal hosting for application and API workloads across Dallas, Amsterdam, Orangeburg, and San Jose.

OVHcloud

GPU compute for model training and evaluation, plus a Postgres replica in Virginia.

Voyage AI

Embeddings API for semantic search and intent retrieval.

Stripe

Billing, subscription management, and payment processing.

Resend

Transactional email delivery (verification, receipts, notifications).

Fastmail

Email hosting for the ContextStream team.

PostHog

Product analytics to understand usage and improve the experience.

Neo4j

Graph database for the knowledge graph and Atlas relationships. Self-hosted on our infrastructure.

Qdrant

Vector database for semantic search embeddings. Self-hosted on our infrastructure.

GitHub

Source code hosting and CI/CD for the ContextStream codebase and release artifacts.

Slack

Team communications and internal coordination for the ContextStream team.

03 Compliance roadmap

Where we are. Where we're going.

SOC 2 Type II

Type II audit underway. Scope and timeline available under NDA for prospective Enterprise customers.

GDPR

Standard DPA. EU-region storage available on Team and Enterprise.

HIPAA / FedRAMP

Not in scope today. Talk to us if you need a compliance sponsor on the roadmap.

Need a deeper conversation?

DPA, security questionnaire, architecture review, procurement support.