Trust Center

Reclaim Protocol is committed to full transparency about how we handle your data, secure our infrastructure, and comply with global privacy standards. Every check is automated and updated weekly from live sources.

Compliance

SOC 2 Type II

AICPA

Active

GDPR

European Union

Active

ISO

ISO/IEC 27001

ISO

Active

Controls

7 checks monitored

Data Privacy

Data privacy checks performed
Session logs analyzed weekly
No PII detected in latest run

View details →

Code Security

Vulnerability scanning automated
Code review conducted weekly
Severity categorization enforced

View details →

Supply Chain

Dependency vulnerabilities monitored
Dependabot alerts tracked
Open alerts reviewed

View details →

Databases

Data retention monitored
Oldest record age tracked
Schema compliance verified

View details →

Whitepaper Adherence

Claims verification automated
Implementation consistency checked

View details →

License Compliance

Dependency licenses scanned
Copyleft detection enabled

View details →

Uptime & Service Health

Core service endpoints monitored
Health checks run weekly
Response time tracked

View details →

Subprocessors

View all

aws

Amazon Web Services·Cloud infrastructure (compute, storage, databases)

IN — ap-south-1, EU — eu-north-1

Google Cloud Platform·TEE confidential compute (TEE_T)

US — us-central1

Firebase (Google)·Admin authentication (Google OAuth)

Anthropic·AI analysis for PII, security, and whitepaper checks

FAQ

All automated checks run weekly every Sunday at 02:00 UTC via Vercel Cron. Admins can trigger manual re-runs at any time. Results are pre-computed and served from the database — no AI calls happen when you visit this page.

Visit the Compliance section and click "Request Report" on any certification. Fill out the form with your details and someone from our team will email the certificate to you directly.

Reclaim Protocol processes session verification data and provider configurations for the proof generation flow. We do not collect credit card information, personal health information, or social security numbers. IP addresses are resolved to country-level only and then discarded.

We use Claude (Anthropic) to analyze session logs for PII, review source code for security vulnerabilities, and verify whitepaper claims against the codebase. AI context includes our architecture docs and dismissed findings from previous audits to minimize false positives.

Primary infrastructure runs on AWS (us-east-1) including MongoDB, ClickHouse, S3, and Nitro Enclave TEE. GCP (us-central1) hosts Confidential VM TEE instances. See the Subprocessors section for the full list of third-party services.