Trust Center
Security and privacy for continuity operations.
CommandDoc is built for organizations that manage sensitive continuity plans, operational contacts, THIRA evidence, and executive readiness workflows.
Compliance posture
CommandDoc is implementing SOC 2 Type I controls aligned to ISO/IEC 27001:2022. Formal audit reports are shared under NDA when available.
Request security reviewPrivate document handling
Customer COOP and THIRA files are stored in private object storage and served through authenticated routes with tenant and role checks.
Audit evidence
Security, document, AI, administrative, and access events are recorded for tenant review and SOC 2 readiness evidence.
AI processing controls
AI parsing is tenant-configurable, routes through Vercel AI Gateway to Google Gemini by default, and is designed to avoid retaining raw extracted source text after processing.
Availability practices
CommandDoc uses managed cloud infrastructure, dependency monitoring, backup planning, and incident response procedures.
Data processing
Customer content is used to provide the service, including optional document parsing. CommandDoc does not sell customer data. AI parsing can be disabled by tenant administrators.
Incident commitments
Security incidents are triaged under the incident response plan. Customers are notified without undue delay when an incident materially affects their data or service availability.
Subprocessors
| Provider | Purpose |
|---|---|
| Vercel | Application hosting, analytics, Blob storage, AI Gateway |
| Neon | Managed Postgres database |
| Stack Auth | Authentication, sessions, teams, invitations |
| Google Gemini via Vercel AI Gateway | Optional document parsing |