Trust center

Your cask records are commercially sensitive. We treat them that way. This page sets out how CaskIQ handles your data, where it lives, and what we do — and don’t do — with it, so your team can answer “is it safe?” without a sales call.

Security posture is accurate to current operation; certifications and pen-test attestation are on the roadmap below. For anything not answered here, email hello@stillbound.ai.

Security posture

• Encryption. TLS in transit everywhere; encryption at rest on the production database.
• Authentication. Sessions are issued as signed tokens, verified server-side on every request. Multi-factor authentication is enforced on our code, cloud, domain, and deployment accounts.
• Tenant isolation. Your data is scoped to your account. Every request to your data is authorised against your tenant; a request carrying another tenant’s credentials is rejected.
• Audit trail. Data imports, mapping changes, exports, and routed actions are logged with the acting user.
• Secrets. Credentials live in managed secret storage, never in source code.
• Change control. Changes ship through a review workflow with automated checks that the service starts and rejects forged credentials before release.

Where your data lives

CaskIQ is hosted entirely in the EU. Web delivery runs on EU edge infrastructure, the processing engine runs on EU compute (Amsterdam), and your data is stored in managed EU Postgres. EU-resident processing is a deliberate choice for European distilleries. The specific providers behind each function are named in your Data Processing Agreement.

AI and your data

CaskIQ’s core is a deterministic engine running on our infrastructure — given the same records it returns the same result. In standard operation, your cask data is not sent to a third-party large language model, and no customer data is used to train third-party AI models.

Any optional AI-assisted feature is offered only under a contract amendment, runs under commercial provider terms that exclude training on your inputs, is listed in your DPA subprocessor schedule, and can be disabled for your account on request.

Subprocessors

The authoritative subprocessor schedule is in your Data Processing Agreement. We give at least 30 days’ notice before adding a new subprocessor, and you may object on reasonable data-protection grounds. Any transfer outside the EEA is governed by the EU Standard Contractual Clauses, relied on with the EU–US Data Privacy Framework where a US provider is certified.

Data ownership, deletion, and incidents

• Your raw cask data remains yours. We process it only to deliver, secure, and support the contracted service.
• You can export your data at any time while your subscription is active. Deletion and return are covered in the DPA.
• We maintain an incident-response route and a breach-notification commitment in the DPA.

Business continuity

Your data is held in managed Postgres with the provider’s automated, encrypted backups. Because you can export your own data at any time during the subscription, you are never locked in. On exit, the DPA sets a 30-day export window before deletion, and a prolonged-outage clause in the Terms lets you leave with a refund of prepaid fees for service not delivered. Our aim is simple: if anything happens to us, your records are yours and you can take them with you.

Certifications & roadmap

• Penetration testing. The platform is hardened against the standard web application test findings. A formal third-party test and attestation will be added as we onboard enterprise customers.
• SOC 2. CaskIQ runs on EU infrastructure that holds its own ISO 27001 / SOC 2 certifications, and we operate against a documented security baseline. Our own SOC 2 certification is on the roadmap as enterprise demand requires it.

How we engage

Demo on synthetic data first. NDA before real data. DPA and statement of work before any production processing. We are happy to complete your vendor security questionnaire — email hello@stillbound.ai.