Last updated: January 20, 2025

Security Overview

Conductor powers sellers in back-to-back meetings, so every action must be trustworthy. This page captures our hosting posture, data handling, and how to report issues.

1. Hosting & infrastructure

Marketing site + APIs run on Vercel and Fly.io in US regions with SOC 2 compliant data centers.
Chrome side panel data stays local by default (IndexedDB). Optional cloud sync encrypts data in transit (TLS 1.2+) and at rest (AES-256).
Backups roll daily with 30-day retention. Access is limited via SSO + hardware keys.

2. Identity & access

Conductor supports SSO via Clerk for enterprise deployments. Internally we enforce least privilege, centralized logging, and quarterly access reviews.

3. Responsible disclosure

Report security issues to security@conductorgtm.com. Include reproduction steps and a secure contact method. We acknowledge within 2 business days and coordinate remediation timelines.

4. Subprocessors

Primary subprocessors: Vercel (hosting), Fly.io (APIs), Clerk (auth), Postmark (email), Cal.com (scheduling). Updated lists available on request.

5. Contact

Need a questionnaire, pen-test report, or DPA? Email security@conductorgtm.com.