Security

Overview

Supernomial’s t0 is built on industry-standard security practices—state-of-the-art encryption, strict access controls, and resilient infrastructure. Refer to our Data Processing Agreement for details.

Compliance

We follow GDPR principles today—including data minimization, access controls, and breach notification processes—and adhere to a shared responsibility framework with our infrastructure providers (Vercel, Supabase). Our security controls are designed to meet the SOC 2 Type II Trust Services Criteria. For Enterprise customers needing bespoke security measures or contractual assurances, please contact us at support@supernomial.co.

Data Regions & Transfers

All production systems and backups are currently hosted in the United States. Until we roll out clustered regional storage, EU-resident data will be transferred to the U.S. under our DPA and SCCs. We are actively developing clustered regional data storage to support additional regions outside the U.S. in the future.

Data Retention & Local Storage

Customers and Clients are solely responsible for regularly downloading, exporting, and securely storing all Deliverables and underlying data to satisfy applicable local tax record-keeping, privacy, and security laws. Supernomial makes no representation that data stored in our systems meets specific local requirements and disclaims any liability for failure to retain or protect such records once exported.

Report a Vulnerability

To report any security issue or vulnerability, please email support@supernomial.co.

Contact & Inquiries

For questions or to request more detailed security information (including SOC 2 readiness), please contact:

Supernomial Oy
Email: security@supernomial.co
Address: Bulevardi 21, 00180 Helsinki, Finland