Security posture for KYC Events Copilot
Security One-Pager • Customer-Facing

Procurement-ready overview: data types, controls, subprocessors, retention, and incident response.

Hosting & infrastructure

Regionalized for EU operations.

Compute

Firebase Functions — Europe West (europe-west).

Storage

Firebase Storage — Europe West (europe-west).

Authentication

Firebase Auth — corporate email login only (domain allowlist).

What we handle

We aim to minimize sensitive data and keep customers in control.

Account data

Name, business email, role, tenant metadata.

Case metadata

Event type, timestamps, risk tier, reviewer notes.

Customer documents

Optional; controlled by customer policy and workflow.

Core controls

High-level controls most reviewers require.

Access & isolation

Tenant isolation boundaries
Role-based access (RBAC) for cases and evidence
Corporate email only (domain allowlist) to prevent consumer accounts
Least-privilege connector scopes

Encryption

TLS in transit
Encryption at rest via Firebase/Google Cloud managed encryption
Optional customer-managed key story: Placeholder_KMS

Logging, audit, and retention

Evidence-first with a defensible trail.

Audit trail

Case create/edit, uploads, approvals, and key actions with timestamps.

Retention

Configurable retention. Deleted data is removed from active systems and ages out of backups per schedule.

Monitoring

Placeholder_Monitoring (alerts on errors/unusual patterns).

Subprocessors

Core subprocessors and customer-authorized integrations.

Google Cloud / Firebase (hosting + storage) — Europe West region
Customer-authorized integrations: Google Workspace APIs / Microsoft Graph (if enabled)
Monitoring: Placeholder_Monitoring
Analytics (optional): Placeholder_Analytics
Full subprocessor list and technical measures are included in the DPA/security packet.

Incident response

Clear process and timely notification.

Triage → containment → eradication → recovery → postmortem
Customer notification without undue delay per contract and applicable law
Root cause analysis for material incidents impacting customer data
Security contact: security@usulid.com