Exordia
Why ExordiaPricingBlog

Trust & Security

Your data security is our top priority. Learn about how we protect your information with production security controls.

256-bit Encryption
GCP Infrastructure
Audit Logging
OAuth SSO

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your workshop notes and client information are always protected.

Authentication

SSO via Google OAuth and Microsoft Entra ID. OAuth 2.0 with PKCE and state validation. No passwords stored for production users.

Access Control

Role-based access control (RBAC) at system, organization, and project levels. Principle of least privilege enforced.

Infrastructure

Hosted on Google Cloud Platform with private VPC networking, Cloud Armor WAF protection, and automatic scaling.

Audit Logging

Comprehensive audit logs of all user actions. Organization admins can view and export their audit trail for compliance.

Data Retention

Configurable data retention policies. Full data export in JSON format. Data deletion or anonymization upon eligible request within a commercially reasonable timeframe (typically within 30 days), subject to legal and platform-integrity requirements.

AI Data Privacy

Workshop data processed through Google Vertex AI (Anthropic Claude, Google Gemini) is not retained after inference and is never used to train AI models — a contractual guarantee under enterprise agreements.

Compliance & Certifications

Current Measures

  • HTTPS/TLS encryption on all endpoints
  • OAuth 2.0 authentication
  • Role-based access control
  • Audit logging with 90-day retention
  • Data export for portability
  • Security headers (HSTS, CSP, etc.)

Available

  • Data Processing Addendum (DPA) with SCCs and UK transfer terms

In Progress

  • Penetration testing
    Planned

Subprocessors

We use the following third-party services to provide Exordia:

ProviderPurposeLocation
Google Cloud PlatformInfrastructure, Database, StorageUnited States
AnthropicAI Processing (Claude)United States
Google (Gemini)AI ProcessingUnited States
Google OAuthAuthenticationGlobal
Microsoft Entra IDAuthenticationGlobal
StripePayments and BillingUnited States
PostmarkTransactional EmailUnited States
Upstash RedisRate Limiting and CachingUnited States

AI subprocessors (Anthropic, Google Gemini) process workshop data transiently for inference only. No customer data is retained or used for model training under our enterprise service agreements.

Vulnerability Disclosure

We welcome good-faith security research. If you believe you have identified a security issue, please report it to [email protected].

Please include reproduction steps, impact, and affected endpoints. Do not access data that is not your own, do not disrupt service availability, and do not perform destructive testing.

Security Questions?

If you have security concerns or want to report a vulnerability, please contact us.

[email protected]security.txt
Last updated: February 2026
Exordia

The discovery workshop platform for requirements professionals.

Product

  • Why Exordia
  • Pricing
  • Use Cases
  • Blog

Features

  • Discovery Templates
  • AI Requirements
  • Collaboration
  • Exports & Integrations

Company

  • Contact
  • Trust & Security
  • Privacy
  • Terms
  • Cookie Policy
  • Accessibility
  • Do Not Sell My Information
© 2026 Exordia Cloud LLC. All rights reserved.