Trust Center

Security & compliance at Supercenter

Supercenter is the control plane for enterprise AI agents — skills, integrations and AI coworkers that act inside your existing tools. Security is structural, not bolted on: agents get scoped, encrypted credentials resolved only at execution time; consequential actions require human approval; every tool call is audit-logged with on-behalf-of attribution; and cross-user access exists only through explicit, revocable delegation grants.

This page is generated live from our internal compliance system — the same controls, monitors and vendor register our team operates on. Request access below for the gated document set (DPA, policies, reports).

Subprocessors

Third parties that process customer data on our behalf. Generated from our vendor register. We give at least 30 days' notice of changes. Coworkers (private beta) providers are disclosed to beta participants and will be published here at general availability.

Composio · integrations · SOC 2 Type II
Managed connector layer: third-party OAuth, connected-account credential storage, tool execution against 200+ SaaS APIs, trigger webhooks.
United States
SCCs
Convex · infrastructure · SOC 2 Type II
Primary application database: organizations, users, agents, sessions, audit logs, encrypted connector credentials.
United States (AWS us-east)
SCCs
Parallel AI · ai · SOC 2 Type II
Web search API behind the agent web_search tool (search queries leave the platform).
United States
SCCs
PostHog · analytics · SOC 2 Type II
Product analytics and event tracking on app + marketing surfaces.
European Union (PostHog EU Cloud)
Not required (EU-hosted)
Resend · communications · SOC 2 Type II
Transactional email: delegation invites, notifications, trust-center access links.
United States
SCCs
Stripe · payments · PCI DSS Level 1, SOC 2 Type II
Subscription billing, payments, invoices (PCI DSS Level 1).
United States / global
EU-US DPF + SCCs
Upstash · infrastructure · SOC 2 Type II
Redis for distributed rate limiting (org identifiers and counters only).
United States
SCCs
Vercel · infrastructure · SOC 2 Type II, ISO 27001
Application hosting, serverless compute, file storage (Blob), agent execution sandboxes, and the AI model gateway. The gateway routes LLM prompts/completions to model providers — Anthropic, OpenAI, Google and xAI — under zero data retention at the gateway and no-training commercial terms; those providers act as Vercel's sub-processors.
United States (primary: us-east), global edge
EU-US DPF + SCCs
WorkOS · auth · SOC 2 Type II
Authentication (AuthKit/SSO), organization & user directory, audited support impersonation.
United States
EU-US DPF + SCCs

Security contact

Vulnerability reports and security questions: security@supercenter.app. Reports are acknowledged within two business days. We do not pursue good-faith research.