Trust Center

Enterprise security review quick answers

A public-safe DDQ-lite page for technical evaluators who want the fundamentals without waiting for a meeting.


Company and product

What is SupraOS?

SupraOS is a governed enterprise execution layer that coordinates workflows across existing systems, enforces policy and approvals, and produces verifiable receipts of what happened.

Does SupraOS replace our existing systems?

No. SupraOS is designed to sit above existing enterprise tools and orchestrate across them.

Data handling

What data does SupraOS store?

SupraOS is designed to store structured workflow state, approvals, proof artifacts, and related execution metadata as needed to operate workflows and generate receipts.

Does all source data move into SupraOS?

No. The design goal is to keep source-of-truth data in existing customer systems where appropriate and minimize unnecessary duplication.

Do you train shared AI models on customer data?

By default, no. Customer data is used to execute the customer’s workflows and generate their receipts, not to train shared models, unless a customer explicitly opts into a governed arrangement.

Access and governance

How are actions governed?

SupraOS is designed around policy gating, role-based access, approvals, and attributable execution.

Can you show who approved and who executed an action?

That is a core product goal. Receipts are designed to capture intent, approvals, execution context, and linked evidence.

Can proof be shared without exposing everything?

SupraOS is designed to support controlled disclosure so the necessary proof can be shared without exposing all underlying content.

Deployment and isolation

What deployment models do you support?

SupraOS is designed for cloud, private cloud / VPC, and hybrid deployment patterns appropriate to enterprise requirements.

How do you think about isolation?

SupraOS is designed to support customer-aligned isolation and governed access according to deployment model and role/policy configuration.

Security posture

Are you SOC 2 / ISO 27001 certified?

We are building to enterprise expectations and can describe architecture and controls plainly, but we do not claim certifications that have not yet been completed.

How do you handle encryption and key management?

Data protection is designed to use appropriate encryption in transit and at rest according to the deployment model and customer requirements.

Retention, AI, integrations

How long is data retained?

Retention is intended to be configurable by customer requirements, workflow class, and applicable legal or regulatory needs.

Is SupraOS an uncontrolled autonomous agent?

No. SupraOS is positioned around governed execution, policy checks, approvals, and controlled actioning.

What systems do you integrate with first?

SupraOS prioritizes a small number of high-leverage connectors tied to the flagship workflow and expands from there using repeatable patterns.

Legal and process

This page is not a substitute for a full customer security review. It is the public front door that lets technical evaluators decide whether deeper diligence is worth their time.

Use
Audience: Security reviewers, legal reviewers, and technical buyers assessing fit.

Scope: Public-safe front-door answers, not a substitute for deeper diligence under NDA.

Last updated: March 3, 2026