Privacy Policy

Last updated: March 2026

1. Who We Are

SocWizard is a SOC 2 compliance preparation tool. We help startups and small businesses understand their compliance posture, identify gaps, and prepare for a SOC 2 audit. References to "we," "us," or "SocWizard" in this policy refer to the operator of socwizard.com. You can reach us at hello@socwizard.com.

2. What Data We Collect

Account data

When you sign up, we collect your name and email address via Clerk, our authentication provider. We do not store passwords — authentication is handled entirely by Clerk.

Compliance content you provide

SocWizard stores the information you enter while using the tool: your company's gap analysis responses, control notes, evidence descriptions, and policy documentation. This data is associated with your account and stored in our database.

Usage data

We use PostHog to collect anonymized analytics — page views, feature usage, and session activity. This helps us understand how the product is used and improve it. PostHog data does not include the content of your compliance notes or evidence.

Payment data

If you subscribe to SocWizard Pro, payments are processed by Stripe. We do not store credit card numbers or full payment details. Stripe handles all payment processing and is PCI-DSS compliant.

3. How We Use Your Data

  • To provide and operate the SocWizard service
  • To power AI-driven gap analysis and recommendations using your compliance inputs
  • To send transactional emails (account confirmations, receipts)
  • To respond to support requests sent to hello@socwizard.com
  • To improve the product using aggregated, anonymized usage analytics

We do not sell your data. We do not use your compliance content for advertising or share it with third parties beyond what is necessary to operate the service.

4. AI Processing

SocWizard's AI Advisor and gap analysis features send your compliance inputs to Anthropic's Claude API for processing. Anthropic does not use API inputs to train their models by default. Your data is sent over encrypted connections and is subject to Anthropic's privacy policy.

You should not input personally identifiable information about individuals (e.g., employee names, SSNs, health records) into SocWizard. Our tool is designed for organizational compliance documentation, not personal data processing.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Neon. Evidence Vault files (Pro feature) are stored using Vercel Blob storage. Data in transit is encrypted using TLS. We implement access controls, rate limiting, and security headers to protect your account.

While we take reasonable steps to protect your data, no system is completely secure. We encourage you not to store highly sensitive credentials or personal data in SocWizard beyond what is necessary for compliance documentation purposes.

6. Data Sharing

We share data only with the following service providers necessary to operate SocWizard:

  • Clerk — authentication and user management
  • Neon — database hosting
  • Anthropic — AI processing for gap analysis and recommendations
  • Stripe — payment processing (Pro subscribers only)
  • PostHog — anonymized product analytics
  • Vercel — hosting, deployment infrastructure, and file storage (Evidence Vault uploads)

We may disclose your information if required by law or to protect the rights and safety of SocWizard or its users.

7. Shared Audit Reports

SocWizard allows you to generate shareable audit report links. When you share a report link, anyone with that link can view the report content. You are responsible for controlling who you share these links with. You can revoke access by deleting the shared report from your dashboard.

8. Your Rights

You have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your compliance content

To exercise any of these rights, email us at hello@socwizard.com. We will respond within 30 days.

9. Cookies

SocWizard uses cookies for authentication (managed by Clerk) and session management. PostHog may set analytics cookies. We do not use advertising or tracking cookies.

10. Children's Privacy

SocWizard is intended for business use and is not directed at children under 13. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will post the updated policy on this page with a revised "last updated" date. Continued use of SocWizard after changes constitutes acceptance of the updated policy.

12. Contact

Questions about this policy? Email us at hello@socwizard.com.