Transparency starts with telling you exactly what data SLEDS holds.
SLEDS stores what your team explicitly shares β observations, assets, and decisions. We receive only what AI tools send through our MCP endpoint or REST API. We never reach into your tools, repos, or conversations to pull data.
Where your data lives and how it's protected.
PostgreSQL on Neon (AWS us-east-1). Encrypted at rest with AES-256. Point-in-time recovery. Connection pooling via PgBouncer.
Redis on Upstash (serverless). TLS-encrypted connections. Used for pub/sub events and session caching. Data is ephemeral.
API on Railway (Docker). Frontend on Vercel (edge network). All traffic over TLS 1.3. No data stored at the application layer.
All connections use TLS 1.2+ (1.3 preferred). This includes browser β API, API β database, API β Redis, and MCP tool β API connections. No unencrypted endpoints exist.
Database storage is AES-256 encrypted at the volume level (managed by Neon/AWS). Backups are encrypted with the same standard. API keys are bcrypt-hashed before storage.
How your context interacts with AI models β and what we guarantee.
SLEDS is a context layer β we store and serve your team's shared context. We do not send your data to any AI model for training, fine-tuning, or improvement purposes. When you use Frost (our built-in AI assistant), your context is sent to Anthropic's Claude API with zero-retention data policies enabled.
How we verify identity and enforce permissions.
All user authentication is handled by Clerk. SLEDS never sees or stores passwords. Clerk provides:
AI tools authenticate via API keys scoped to individual workspaces:
| Permission | Viewer | Editor | Admin | Owner |
|---|---|---|---|---|
| Read threads & assets | β | β | β | β |
| Search context | β | β | β | β |
| Write observations | β | β | β | β |
| Share assets | β | β | β | β |
| Manage members | β | β | β | β |
| Manage API keys | β | β | β | β |
| Delete workspace | β | β | β | β |
Every third-party service that touches your data.
| Vendor | Purpose | Data Processed | Location |
|---|---|---|---|
| Neon | PostgreSQL database | All persistent data (threads, assets, users, embeddings) | AWS us-east-1 |
| Upstash | Redis cache & pub/sub | Session state, real-time events (ephemeral) | AWS us-east-1 |
| Clerk | Authentication | User email, name, auth tokens | US |
| Railway | API hosting | Request processing (no persistence) | US |
| Vercel | Frontend hosting | Static assets, edge functions | Global CDN |
| Anthropic | Frost AI (Claude API) | Context snippets for Pulse/assistant queries | US |
| OpenAI | Embedding generation | Text snippets for semantic search vectors | US |
This list is updated when sub-processors change. Last reviewed: February 18, 2026
What happens when something goes wrong.
Automated monitoring via Railway and Vercel dashboards. Error tracking on API responses. Uptime checks on critical endpoints.
Severity assessment (P0βP3). P0 (data breach or total outage) triggers immediate response. All incidents logged with timestamps.
Affected users notified via email for P0/P1 incidents. Status updates posted to our status page. Transparent communication about scope and impact.
Root cause analysis within 48 hours of resolution. Post-mortem published for any P0/P1 incidents. Preventive measures documented and implemented.
Your data, your control.
Workspace owners can delete individual threads, assets, or entire workspaces from the dashboard. Deletion is permanent and cascading β removing a workspace removes all threads, assets, links, and member associations.
Account deletion removes all personal data and workspace memberships. Workspaces you own must be transferred or deleted first.
Database backups are retained for 7 days for disaster recovery, after which deleted data is fully purged.
All context in SLEDS is accessible via the same API your tools use. You can export your full workspace at any time through the REST API.
Export includes all threads (with observation history), assets, links, and metadata in structured JSON format.
We believe in zero lock-in. Your context is yours β we make it easy to take it with you.
Where we are and where we're headed. No badges we haven't earned.
For security inquiries, vulnerability reports, or data processing questions:
security@sleds.aiWe aim to acknowledge security reports within 24 hours and provide a substantive response within 72 hours.