SaneCite is built for teams whose documents are their most sensitive asset. Here's exactly how your data is handled — stated plainly, the same way we answer questions inside the product.
Every query, document, and answer is scoped to the authenticated solo or Enterprise workspace. Automated isolation probes test cross-workspace denial before release.
Encrypted in transit (TLS 1.2+) and at rest (AES-256), on Cloudflare's network.
Your documents never train any model. The model only ever sees the short evidence excerpts selected for a single question — never whole documents.
Set your own retention. Delete workspace content with one click and get a signed deletion receipt. Export your answers anytime.
Magic-link sign-in — no passwords stored to breach or phish. Sessions are HttpOnly, Secure, and expire.
Uploaded documents are treated as untrusted data (prompt-injection defenses), and every “supported” answer is independently verified before it's shown.
Runs entirely on Cloudflare — itself SOC 2 Type II and ISO 27001 certified — isolated from all other systems.
Every answer records its source, status, and version. When a source document changes, dependent approved answers are flagged stale.
On the Enterprise plan: workspace membership with owner/admin/reviewer roles, shared workspace evidence and answer libraries, SSO via Cloudflare Access, SCIM provisioning, and an exportable audit log — provisioning is scoped to your verified domain, and cross-workspace access is structurally blocked.
Cloudflare — hosting, compute, storage, and AI inference (SOC 2 Type II, ISO 27001). Resend — transactional sign-in and invite email. Lemon Squeezy — payment and subscription billing. See the subprocessor list.
Security questions, answered → — we answer the standard vendor-security questionnaire about ourselves, plainly. Need anything specific? Email hi@saneapps.com.
Security Q&A · DPA · Subprocessors · Status · Privacy · Terms · Pricing · Sign in