Security and trust
The honest answer to “how do you protect what my people tell you?”
Anchor only works if people answer honestly, and people are only honest when they’re sure it’s safe. So we built protection in from the start. Here’s exactly how it works, in plain language.
The people who answer are protected from the people who manage them.
This is the heart of how Anchor handles data. An employee’s raw answers, and their personality responses, are never shown to their manager. Not the numbers, not the raw text, nothing. Only the finished analysis reaches a manager, and that analysis is written to protect the person who spoke.
The engine reads the raw responses. People do not. That separation is deliberate, and it is the reason honest answers are safe to give.
Encryption
Encrypted on the way in, encrypted at rest.
Every piece of data moving between your people and Anchor is encrypted in transit using standard secure connections. Everything stored is encrypted at rest using strong, current encryption.
For the most sensitive information, we go a step further. The fields your people are most careful about, their salary, their open-text answers, and their personality responses, get a second layer of encryption at the application level, above the standard database encryption. That means even in the unlikely event someone reached the raw database, those fields would still be encrypted, and the keys that unlock them are not kept alongside the data.
Access
Strict rules about who can see what.
Access to data is controlled by rules enforced at the database itself, not just in the app. A manager can only ever see analyses for their own people, and nothing about anyone else’s. Access to the most sensitive data is logged, so there is a record of what was reached and when. And the records that track this are append-only, meaning history can be added to but never quietly altered or erased.
Identity
People, not numbers.
Anchor treats every employee as a person, not a record. The system uses secure internal identifiers under the hood, but a manager only ever sees a name. Your employees are people to their managers, and people to us. That choice runs all the way down to how the data is built.
Where your data lives
Where your data lives, and where we’re headed.
Anchor’s data is stored on Supabase, in the United States. Supabase is a widely used, well-regarded infrastructure provider that is independently certified to SOC 2 Type 2 and ISO 27001, two of the most recognized security standards in the industry. That’s the foundation Anchor is built on.
To be clear and honest about the difference: those certifications belong to the infrastructure we build on, not to Anchor itself. As Anchor grows, earning our own formal security certification, including SOC 2, is on our roadmap. We would rather tell you plainly where we are today than claim a badge we haven’t earned. We also built Anchor’s protections to support the privacy obligations our customers care about, including current US and Texas data privacy law. If your security team has specific requirements, we want to hear them directly.
Ownership
Your data is yours.
The data you and your people provide belongs to your organization. We use it to produce your analyses, and for nothing else. We don’t sell it, and we don’t share it. When data should be removed, it gets removed.
Questions from your security team? Bring them.
We would rather have the detailed conversation than hand you a vague reassurance. If your IT or security team has questions about how Anchor handles data, we will answer them directly and honestly.
Email us directly at james@theretentiogroup.com