Trust Center
A critical credibility artifact for technical evaluators, security reviews, and due diligence.
1. Privacy commitments
Nine guarantees that apply to the marketing site at rtscale.ai and govern how we think about data across every product we ship.
- No biometric data from marketing-site visitors.
  The SoM Sig capture pipeline is an SDK component deployed in partner applications. The marketing site itself — pages at rtscale.ai — does not activate any camera, microphone, or biometric capture. No affective-indicator data is collected from visitors to this site.
- No third-party trackers.
  We do not load Google Analytics, Meta Pixel, LinkedIn Insight Tag, HubSpot tracking, or any other third-party tracking script. Plausible is our sole analytics provider — privacy-preserving, cookie-free, and not connected to advertising networks.
- No individual visitor profiles.
  Plausible's aggregate reporting does not allow us to reconstruct the browsing history or identity of any individual visitor. Individual tracking is architecturally impossible in our analytics stack.
- No phone numbers collected.
  Our contact form does not ask for a phone number. We don't want it. Form data is name, work email, company, and message only.
- No selling or renting of form data.
  We do not sell, rent, or share your form submission data with third parties for marketing purposes. We do not use form data to build advertising audiences. We do not add you to mailing lists without explicit consent separate from the form submission.
- Cryptographic erasure as right-to-erasure mechanism.
  For SDK-processed SoM Sig data in a partner application, revoking your per-subject root token renders all downstream SoM Sig tokens mathematically unverifiable. The underlying biometric provenance is rendered inaccessible, not just deleted — a stronger guarantee than standard deletion.
- Regulatory reporting transparency.
  When regulatory inquiries or law enforcement requests require us to disclose data, we will notify affected users to the extent permitted by law. We maintain a transparency report cadence documented here in the Trust Center.
- No telemetry from SDKs without explicit configuration.
  The RTScale SDK does not send telemetry, usage events, or diagnostic data to RTScale infrastructure without explicit configuration by the integration partner. Default SDK behavior is offline-first; data flows only when the partner configures the RTScale API endpoint.
- Server-side analytics only; aggregated reporting.
  Analytics data is aggregated server-side by Plausible before storage. No raw page-view events attributable to individuals are stored. Data is used to understand aggregate traffic patterns for product improvement — not to profile visitors.
2. Security posture
| Area | Status | Details |
|---|---|---|
| SOC 2 | In preparation | Type II audit planned for Q3 2026. We will post the report in the Audit Reports section when available. |
| ISO 27001 | Roadmap | Planned for 2027 following SOC 2 Type II completion. |
| Penetration testing | Annual | External penetration test conducted annually. Executive summary available in Audit Reports. |
| Vulnerability disclosure | Open | Report vulnerabilities to security@rtscale.ai. We acknowledge within 72 hours and respond within 10 business days. |
3. Responsible AI
Our framework for affective-AI use. These are engineering constraints, not marketing claims. They are reflected in the architecture of the SoM Sig capture pipeline.
What we will not build
- Systems that identify individuals from biometric data without consent.
- Real-time affect scoring for advertising targeting, HR evaluation, or law enforcement surveillance.
- Affect models trained on data collected without affirmative consent from the individuals whose affect was captured.
- Persistent behavioral profiles across transactions or sessions.
Populations we will not target
- Minors. The SDK and all partner integration agreements prohibit deployment in contexts where the user population includes individuals under 18.
- Individuals under duress, coercion, or acute cognitive impairment — the SoM Sig is specifically designed to detect and flag these conditions, not to override them.
Bias and demographic variance
Affective-AI models exhibit known demographic variance in accuracy across gender, age, and ethnicity. We publish our demographic performance evaluation methodology and maintain internal bias audit results accessible to integration partners under NDA. No SDK release ships without a bias audit against our minimum demographic-parity thresholds.
Model lineage
The SoM Sig pipeline uses decomposed indicators (FE stream: AU-coded facial action; VE stream: prosodic features, not voiceprint; ME events: keyword-bound). Raw video and audio buffers are processed on-device and discarded. No face recognition embedding, no voiceprint, no clinical assertion is ever transmitted. Integration partners receive a signed JSON token containing the SoM Score and class designation — not the underlying indicator vectors.
4. Audit reports
Current attestations and external audit results. Access requires email submission to verify you are a qualified technical evaluator or design partner.
Audit reports are available to qualified evaluators. Submit your work email to request access. We will respond within one business day.
Reports available upon request: penetration test executive summary (annual), SOC 2 bridge letter (in preparation), GDPR Article 30 Records of Processing Activities (on request from EEA/UK counterparties under DPA).
5. Subprocessors
All vendors that touch any production data for the rtscale.ai marketing site. SDK subprocessors used by integration partners are governed by the relevant DPA.
| Vendor | Service | Jurisdiction |
|---|---|---|
| Render | Hosting — static site (CDN) and API web service | United States |
| Plausible Analytics | Analytics — privacy-preserving aggregate page-view data | European Union (Estonia) |
| Resend (configuration-dependent) | Email — form dispatch to internal inbox | United States |
This list is updated when subprocessors change. Last updated: 13 May 2026.
6. Data handling
Retention periods, storage jurisdiction, and transfer mechanisms for all data types collected through the marketing site.
| Data type | Retention | Jurisdiction | Transfer mechanism |
|---|---|---|---|
| Form submissions (contact) | Until request is resolved + 1 year | United States | N/A — no EEA transfer |
| Form submissions (demo) | Duration of sales process + 1 year | United States | N/A — no EEA transfer |
| Server logs (hashed IP + metadata) | 30 days | United States | N/A — no EEA transfer |
| Analytics (aggregated, no PII) | Rolling 24 months | European Union | Plausible EU data residency; no SCCs required |
Privacy inquiries: privacy@rtscale.ai