Security at AceDrafts

Last updated: May 28, 2026

As an independent software consultant, you handle highly sensitive information about your clients' operations, CRM architectures, and business processes. Trusting a third-party tool with discovery call recordings is a major decision.

We believe in absolute transparency about our security practices, architecture, and honest limitations. This page outlines exactly how we protect your data so you can make an informed choice.

How We Protect Your Data

  • Encryption in Transit: All web traffic and API calls to AceDrafts are encrypted in transit using industry-standard Transport Layer Security (TLS / HTTPS).
  • Edge Security & DDoS Protection: AceDrafts is hosted on Cloudflare's global edge network. Cloudflare provides robust Distributed Denial of Service (DDoS) protection, Web Application Firewall (WAF) filtering, and edge security to prevent malicious access and ensure site availability.

Authentication & Access Control

  • Secure Authentication: We use Supabase Auth to handle user authentication, password hashing, salting, and session management. We enforce email verification for all new accounts.
  • Row-Level Database Security: Our database (Supabase Postgres) enforces strict Row-Level Security (RLS): every database query is filtered by the authenticated user's ID. It is technically impossible for one user to query or access another user's records.
  • Server-Side Credentials: Our database administrative credentials and service-role keys are stored strictly server-side. They are never exposed to client-facing code, preventing client-side data leaks.

Payment Security

  • Zero Raw Card Storage: AceDrafts does not process, handle, or store your credit card information. All transactions and billing cycles are managed securely through Stripe.
  • PCI Compliance: Stripe is a certified PCI Service Provider Level 1 (the strictest standard in the payment industry). AceDrafts only stores a Stripe customer ID to verify your billing status.

Audio & Transcript Handling

  • Immediate Audio Deletion: When you upload a discovery call recording, the audio file is securely sent to our backend to be transcribed. As soon as the transcription is completed, the audio file is permanently deleted from our servers. We do not store raw recordings.
  • Temporary Transcript Storage: Transcript text is stored only as long as needed to generate your Statement of Work (SOW) document. Once your SOW is successfully processed and finalized, transcripts are discarded from active processing.

AI Processing & Third Parties

  • Secure Transmission: SOW documents are drafted by sending transcript segments to third-party AI APIs (Anthropic Claude and/or OpenAI) over encrypted HTTPS connections.
  • No Model Training: We use commercial developer API tiers for AI processing. Under our third-party API agreements, these providers are prohibited from retaining our data or using your transcripts to train their AI models. Your business data remains private.

Our Honest Limitations

We want to be completely candid with you about where we stand. AceDrafts is a pre-scale product operated by a US-based sole proprietor. To help you evaluate whether our risk profile matches your needs, please note the following:

  • No SOC2 or ISO 27001: We have not yet undergone formal third-party audits such as SOC2, ISO 27001, or equivalent security certifications.
  • No Formal Penetration Tests: While we perform continuous internal security reviews, we have not yet commissioned a formal, external security penetration test.
  • No Uptime SLA: While we leverage Cloudflare's highly resilient global network, we do not formally guarantee a service uptime SLA at this early stage.
  • No Formal Bug Bounty: We do not operate a formal, paid bug bounty program.

Reporting a Security Issue

If you discover a security vulnerability or have reason to believe your account has been compromised, please report it immediately.

We promise to acknowledge your report quickly, investigate the issue in good faith, and deploy a fix as soon as possible. Please email all security concerns to:

legal@acedrafts.com

Contact Us

If you have further questions about our architecture, privacy protocols, or data policies, feel free to contact us at:

Email: legal@acedrafts.com

This security disclosure applies specifically to the AceDrafts platform. We evaluate and update our security protocols regularly as our product scales.