Private uploads
Evidence documents and questionnaires live in private storage. Public file URLs are not part of the production flow.
ProofFill security
Security questionnaires contain sensitive company evidence. ProofFill is being built around private uploads, server-side AI calls, signed downloads, deletion controls, and careful language that does not overclaim.
Coverage preview
Sample questionnaire output
Data encryption at rest?
Incident response SLA?
Do you support SSO?
The site states that uploaded customer documents are not used for training, and the provider configuration must support that promise.
The browser never receives AI provider keys. Processing happens in trusted server and worker services.
ProofFill should not imply SOC 2 certification or penetration test results until those controls exist.
Deletion and retention policy must be visible before sensitive evidence is uploaded.
AI provider calls belong on the server side, not inside public browser code.
No. ProofFill is designed around private storage and signed downloads.
The intended product policy is that uploaded customer documents are not used for training.