Trust & security

Your raise is sensitive.
We treat it that way.

Decks, financial models, cap tables, investor lists — the most confidential documents a founder owns. Here's exactly how craise keeps them safe.

What's in place today

Security you can verify.

No vague promises — concrete protections live on every page and every byte of your data.

256-bit TLS encryption

Every page and API call runs over HTTPS with modern TLS. Your data is encrypted in transit, end to end — nothing travels in the clear.

Active

PCI-DSS Level 1 payments

Payments are processed by Razorpay, certified to PCI-DSS Level 1 — the highest tier. craise never sees, handles, or stores your card details.

Active

Isolated workspaces

Strict per-tenant data scoping means your memos, documents and analytics are walled off from every other account. One tenant can never see another's data.

Active

GDPR ready

Built for the EU: lawful consent, data-subject rights (access, export, deletion), EU-transfer safeguards (SCCs), and signed processing agreements with our vendors.

Active

CCPA & US privacy

Aligned with California's CCPA/CPRA and the wider US state-privacy framework, including a clear "Your Privacy Choices" opt-out. We never sell your data.

Active

Document-level controls

Data rooms support passwords, NDAs, expiry dates, view limits and per-document access — plus a full audit trail of who opened what, and when.

Active
GDPREU data protection — consent, rights & SCC transfer safeguards.
CCPA / CPRACalifornia & US state privacy aligned. No sale of personal data.
PCI-DSS L1Card data handled only by certified payment processors.
SOC 2 & ISO 27001Formal audits underway as we scale into enterprise.
Under the hood

How we protect your data.

Data & access

  • Encrypted in transit (TLS) and at rest
  • Per-workspace tenant isolation on every query
  • Role-based access control + audited writes
  • Documents stored outside the public web root
  • Sensible session lifetimes & secure cookies

Your rights & ownership

  • Your data is yours — we never sell it
  • Export or delete your account at any time
  • Transparent sub-processor list & DPAs
  • Consent-based analytics for EU/UK visitors
  • Breach-response process with prompt notification

Questions about security?

Running diligence, need our DPA or sub-processor list, or want to report a vulnerability? Our team responds fast.

Contact security@craise.ai

craise is operated by SlydS. We're continuously hardening our posture and pursuing formal SOC 2 and ISO 27001 certification as we grow. This page describes current practices and is not a contractual warranty — for detailed terms see our Privacy Policy and Terms.