Security & data handling
Where your data goes — straight answers.
Before you run a real RFP through Morthn, here’s exactly how your content is handled — including what we do and don’t yet have. If your security team needs more, reach out and we’ll answer directly.
Your content isn’t used to train AI models
Proposals, RFPs, and questionnaire content are processed by Anthropic’s Claude API under its commercial terms, which do not train models on API inputs or outputs. We don’t train any models on your content either.
Tenant isolation
Your vendor profile, answer library, and deals are scoped to your company (by email domain) and are never visible to another company. Access is by per-user login; there are no shared or public workspaces.
Encryption
Data is encrypted in transit (TLS) and at rest in our managed Postgres database. Uploaded documents are parsed to text and not retained as files.
You can delete your data
Library entries and deals are deletable from the product at any time. On request we’ll purge a company’s data entirely.
Passwordless auth
Login is a one-time magic link — no passwords to breach or reuse. Sessions are revocable.
Sub-processors
The services in the path.
Anthropic (Claude)
Generates proposals, questionnaire answers, and qualification. Does not train on your content.
Supabase (Postgres)
Managed database for your profile, library, and deals. Encrypted at rest.
Vercel
Application hosting and delivery.
Being straight with you
What we don’t have yet.
We’re early. We do not yet hold a SOC 2 report or ISO 27001 certification — those are on the roadmap, not done. A Data Processing Agreement (DPA) is available on request. If your procurement process requires a formal certification today, tell us where you stand and we’ll be honest about whether we’re a fit yet or should re-engage once it’s in place.
Talk to us about securityRun a service business instead? See Morthn for service businesses →