ConsultBench
Workbench
Sign inGet started
Security & privacy

Your project knowledge stays yours.

ConsultBench holds the most sensitive output of your career. We treat it that way — with strict isolation, encryption, and an explicit no-training policy.

Encryption in transit and at rest

All traffic to ConsultBench uses TLS 1.2+. Documents and embeddings are encrypted at rest using AES-256 within our managed cloud database and object storage.

Where your data is stored

Vault content, embeddings, and metadata are stored in our managed Postgres and object storage layer (powered by Supabase, hosted on AWS in the us-east-1 region by default). Enterprise customers can request alternate regions.

Who can access your data

Only you. Each user's vault is isolated by row-level security policies. ConsultBench engineers do not read customer documents and only access infrastructure for security incidents or with explicit, time-bound customer authorization.

We do not train AI models on your data

Your documents are used solely to retrieve grounded context for your own queries. We do not train, fine-tune, or share any model — ours or a third party's — on customer content. Inference providers we use are configured under zero-data-retention terms where available.

SOC 2

In progress — formal Type 1 audit underway with completion estimated Q3 2026. We are happy to share our current security questionnaire and policies on request. We do not currently claim SOC 2 attestation.

GDPR

ConsultBench acts as a data processor for content you upload. We support EU data subject rights — access, correction, deletion, and portability — via in-product controls and at privacy@consultbench.com. A DPA is available for Team and Enterprise customers.

Account deletion & data portability

You can delete your account and vault from settings at any time. Deletion permanently removes documents, embeddings, and metadata within 30 days. You can export your uploaded documents at any time.

Questions or security disclosures

Email security@consultbench.com for security questionnaires, vulnerability reports, or DPA requests.