Trust Center
Every commitment we make. In one place.
TitleTrace is built for regulated industries where trust is not assumed — it is earned through transparency. This page documents what we have built, what we commit to, and what we are working toward.
Data Isolation
How your data is stored: Every TitleTrace organization operates in a fully isolated tenant environment. Your documents, extracted entities, graph relationships, AI query history, and audit logs are scoped exclusively to your organization at the database level. There is no shared storage pool, no shared query layer, and no administrative pathway that bypasses this isolation.
What this means in practice: No other organization can access your documents. No TitleTrace employee can access your documents through the application interface. Access to raw infrastructure is restricted to a minimal set of authorized personnel for operational purposes only and is logged.
AI and Model Usage
Your documents are never used for training. Files uploaded to TitleTrace are processed solely to deliver the services you have requested. They are never used to train, fine-tune, or improve any AI model — ours or any third party's.
How AI inference works: All AI reasoning runs in isolated sessions scoped to your query. The session is ephemeral — it does not persist after your query is answered. We use foundation model APIs under strict data processing agreements that prohibit prompt and response logging by the model provider.
What the AI does and does not do: TitleTrace's reasoning engine is grounded in your uploaded documents and your firm's ingested rules. It does not draw on external knowledge bases, internet sources, or data from other TitleTrace customers. Every answer is assembled from source text extracted from your project files.
Encryption
In transit: All data transmitted between your browser and TitleTrace servers is encrypted using TLS 1.3.
At rest: All stored documents and extracted data are encrypted at rest using AES-256. Encryption keys are managed through a dedicated key management service with automatic rotation.
Audit Logging
Every action taken within TitleTrace is recorded in an immutable, database-level audit log:
- Document uploads and deletions
- Query submissions and responses
- Entity extraction events
- User access and authentication events
- Terms-of-service agreement records
- Team member invitations and role changes
Audit logs cannot be modified or deleted by users, administrators, or TitleTrace personnel. They are available to account administrators on request.
Data Retention and Deletion
You own your data. You control its lifecycle.
Documents and workspace data can be deleted at any time through the application interface. Deletion is immediate and permanent — deleted files are not retained in backup snapshots after the deletion event.
Upon account termination, all customer data — documents, extracted entities, graph data, audit logs, workspace configurations — is permanently purged within 30 days. A data export is available at any time prior to termination for portability.
Document processing: Uploaded documents are retained for the duration of your account and active projects. You can set project-level retention windows and delete individual files or entire projects at any time.
Isolated Document Vault
Your project files live in an encrypted, firm-scoped vault — not a shared storage environment. Storage is isolated at the infrastructure level. Your files are not accessible to other organizations and are not retained beyond your defined retention window.
Zero Model Training Agreement
TitleTrace operates under a Zero Model Training policy. This commitment is:
- Contractually reflected in our Terms of Service
- Enforced through data processing agreements with all third-party model providers
- Not contingent on account tier or plan level
This applies to all customers on all plans, including the free trial.
Compliance Roadmap
| Milestone | Status |
|---|---|
| Tenant isolation architecture | Complete |
| Immutable audit logging | Complete |
| AES-256 encryption at rest | Complete |
| TLS 1.3 in transit | Complete |
| Zero model training policy | Complete |
| SOC 2 Type I readiness | In progress— Targeted Q3 2026 |
| SOC 2 Type II certification | Planned— Following Type I |
Responsible Disclosure
If you identify a security vulnerability in TitleTrace, contact security@titletrace.com. We commit to an acknowledgment within 24 hours and follow responsible disclosure practices. We do not pursue legal action against good-faith security researchers.
Questions
If you have specific compliance, regulatory, or procurement security requirements, contact us directly at hello@titletrace.com. We provide security documentation appropriate to your procurement process.