Built for teams that take privacy seriously.
Your team memory is only as valuable as it is safe. Switchy encrypts every message, gates every memory by visibility, and never trains on your data.
Encryption
TLS 1.3 in transit, AES-256 at rest. API keys hashed with bcrypt. Secrets stored in GCP Secret Manager, never in application code.
Authentication
OAuth 2.0 (Google, GitHub) + email/password with bcrypt. HTTP-only session cookies, SameSite=Lax, signed by NextAuth.
Infrastructure
Google Cloud Platform (Cloud Run + Cloud SQL) with automatic scaling, DDoS protection, and geographic redundancy. Smoke-gated deploys with zero-downtime traffic shifts.
Privacy controls
Every memory has a visibility (private / space / org). Widening is confirmed. Retrieval filters at the SQL layer — there is no "oops, I leaked my private note to the team" path.
- SOC 2 Type II audit in progress — target Q3 2026
- GDPR — full export + deletion on request (self-serve from Settings)
- CCPA — no data sales, right-to-know + right-to-delete honored
- ISO 27001 certified infra (Google Cloud)
- DPA available for every plan, including Starter
- No training on your data — period
Cloud Run in europe-west1 with failover in us-central1. Postgres encrypted at rest, managed by Cloud SQL with automated point-in-time recovery.
Report a vulnerability
Found something? Email security@switchy.build — we triage within 24h and publicly credit responsible disclosures.