Your processes are sensitive. We treat them that way.
TrainForge AI is designed so that the only person who can read your SOPs is you. Here's exactly how.
Encryption in transit & at rest
All traffic uses TLS 1.2+. Documents and account data are encrypted at rest in our managed database.
Your content is never used to train AI
Inputs and generated documents are processed only to deliver your request. We contractually prohibit our AI providers from training on your content.
Workspace isolation
Every account has a private workspace enforced by row-level security in our database. Only you can read your documents.
Strong authentication
Email/password authentication with leaked-password protection. SSO and SAML available on Enterprise plans.
Hardened infrastructure
Hosted on enterprise-grade cloud infrastructure with audit logging, automated backups, and regional redundancy.
Compliant payments
Card data never touches our servers. Paddle is our Merchant of Record and is PCI-DSS Level 1 certified.
What we don't do
- • We don't sell, share, or rent your content to third parties.
- • We don't train models on the text you submit or the documents we generate for you.
- • We don't store payment card numbers — Paddle handles all card data.
- • We don't share documents across customer accounts. Every workspace is isolated.
Reporting a security issue
We welcome responsible disclosure. If you believe you've found a vulnerability, email security@trainforge.ai. Please give us a reasonable window to respond before public disclosure.
For a copy of our subprocessor list, DPA, or to discuss SSO/SAML for Enterprise, contact our team.