Security and Trust Center

Information about the running server and our security posture.

Go Version

go1.26.2

Server runtime environment

Architecture

amd64

CPU architecture

Data Residency

European Union

Where your data is stored

Operating System

linux

Server OS

CPUs

4

Number of logical CPUs

Goroutines

41

Currently running goroutines

Vendors

We limit the number of vendors we use to protect your privacy. Here are the vendors we currently work with:

Lettermint® B.V (Netherlands)

Data Shared & Justification

Data Item | Justification
Email Address | Required to deliver transactional emails (sign up, password reset).

STRIDE Threat Model Summary

A summary of our security posture using the STRIDE methodology.

Spoofing

Pretending to be something or someone other than yourself.

Mitigation Strategy

MFA, strict identity verification, and secure session management with OAuth.

Tampering

Modifying something on disk, network, memory, or elsewhere.

Mitigation Strategy

Encryption at rest, in-process, and in transit, automated SBOM, and read-only file systems using distroless containers.

Repudiation

Claiming you didn't do something or were not responsible.

Mitigation Strategy

Comprehensive audit logging, secure timestamping, and non-repudiation controls.

Information Disclosure

Providing information to someone not authorized to see it.

Mitigation Strategy

Strict access controls, data minimization, and automated secret scanning.

Denial of Service

Exhausting resources needed to provide service.

Mitigation Strategy

Rate limiting and auto-scaling infrastructure.

Elevation of Privilege

Allowing someone to do something they are not authorized to do.

Mitigation Strategy

Zanzibar authorization system, Open Policy Agent packages, principle of least privilege, RBAC, and regular security audits.

Data Policies

Transparent information about the data we collect and how we handle it.

Email address

Used for login and transactional notifications.

Category: Account
Retention
Until account deletion
Backups roll off within 35 days.
Access
You, Support (limited)
Support is currently limited to the core engineering team.
Shared with
Lettermint® B.V (Netherlands)
Only to send emails.
More details
Collected from: You
Legal basis: Contract (to provide the service)

Date of Birth (DOB)

Used for age verification.

Category: Account
Retention
Until account deletion
Backups roll off within 35 days.
Access
You, Founder
Your DOB is only accessed during age verification.
Shared with
None
Not shared with anyone.
More details
Collected from: You
Legal basis: Contract (to provide the service)

Government ID

Used for age verification.

Category: Account
Retention
Until requested for deletion
Deleted from service within 24 hours of request.
Access
You, Founder
Your ID is only accessed during age verification.
Shared with
None
Not shared with anyone.
More details
Collected from: You
Legal basis: Contract (to provide the service)

Liveness Recording

Used for personhood verification.

Category: Account
Retention
Until requested for deletion
Deleted from service within 24 hours of request.
Access
You, Founder
Your ID is only accessed during personhood verification.
Shared with
None
Not shared with anyone.
More details
Collected from: You
Legal basis: Contract (to provide the service)

Role

Used to configure account features.

Category: Account
Retention
Until account deletion
Backups roll off within 35 days.
Access
You
Role is not accessed by anyone.
Shared with
None
Not shared with anyone.
More details
Collected from: You
Legal basis: Contract (to provide the service)

Physical Attributes

Used for platform search and matching.

Category: Account
Retention
Until account deletion
Backups roll off within 35 days.
Access
You
Not accessible by anyone.
Shared with
None
Not shared with anyone.
More details
Collected from: You
Legal basis: Contract (to provide the service)

Account Information

Used for authentication and account management.

Category: Account
Retention
Until account deletion
Backups roll off within 35 days.
Access
You
Not accessible by anyone.
Shared with
None
Not shared with anyone.
More details
Collected from: You
Legal basis: Contract (to provide the service)