Falcyn
Security

Built like it's your career on the line. Because it is.

Everything on this page describes a control that is live today — not a roadmap item wearing present tense.

Your data is yours — provably.

Export everything you've given us, any time, from Settings — no support ticket, no waiting. Request deletion and your account and its data are removed. Both are built into the product, on every plan, ungated.

Hard tenant isolation.

Every row of your data carries your tenant identity, and the database enforces row-level security on every table that holds it — isolation is a property of the schema, not of application code remembering to filter.

Encryption in transit and at rest.

TLS everywhere in transit. Personal data is envelope-encrypted at rest with per-tenant data keys anchored to a cloud KMS — the root key never sits in a config file.

An audit trail that can't be quietly edited.

Every action Falcyn takes on your behalf writes an append-only, hash-chained audit entry before the action completes. You can read your own activity feed in the app.

You execute, Falcyn prepares.

Falcyn never submits applications, sends messages, or takes any third-party action for you. Everything it drafts waits in your review queue until you act — that boundary is enforced in the architecture, not just the copy.

Your documents don't train models.

We call commercial model APIs under terms that exclude training on your content, and we never use your resumes, letters, or notes to build models ourselves.

On formal attestations: we build to recognized control frameworks from day one, and we'll only ever claim an audit result after an auditor issues it. Questions about our practices? security@falcyn.ai.