Life events are personal.
We treat them that way.
Gaite handles sensitive information about health, finances, family, and legal matters. We take that seriously. Here is exactly what we do to protect your data, and where we are headed.
What we do today
Concrete practices, not checkbox claims.
Encryption everywhere
All data is encrypted in transit via TLS and at rest using Google Cloud Platform's default encryption. Your data is never stored or transmitted in plaintext.
Enterprise-grade infrastructure
Gaite runs on Google Cloud Platform and Vercel. Both providers maintain SOC 2 Type II, ISO 27001, and other certifications. Our infrastructure inherits their security posture.
Company data isolation
Each organization's data is logically isolated. One company's employees, benefits documents, and usage data are never accessible to another company.
Authentication via Google Firebase
User authentication is handled by Firebase Authentication, Google's identity platform. We don't store passwords. Accounts are independent from your employer's systems.
Audit logging
Enterprise accounts get audit logs for administrative actions: who did what, when, and from where. The logs are available for compliance reviews.
Domain-verified access
Enterprise employees are verified by company email domain. No one outside your organization can access your company's Gaite instance without authorization.
Your data
Your data is yours. Full stop.
We built Gaite to help people through difficult moments, not to harvest their information. Our commitments on data ownership are simple and absolute.
Your employer never sees your data
This is by design, not by accident. Gaite is intentionally not integrated into your employer's systems. Your journeys, your conversations, your life events are completely private. Your employer can see aggregate usage data, never individual activity. When you're navigating a divorce or a health diagnosis, that privacy matters.
You own your data
Everything you put into Gaite belongs to you. Your journeys, your answers, your documents. We hold it on your behalf, not ours.
View, edit, or delete anytime
You can see everything Gaite knows about you, correct anything that's wrong, and delete any or all of it at any time. No hoops, no waiting periods.
No selling. Ever.
We do not sell, rent, share, or monetize your personal data. Our business model is subscriptions, not data brokerage. This is non-negotiable.
Data portability
Your data is yours to take with you. If you leave Gaite, you can export what you've created.
Where we’re headed
Transparent about what’s next.
We’re a small team building fast. We don’t have every certification yet. Rather than pretend we do, here is our roadmap. If you have questions about any of this, ask us directly.
SOC 2 Type II
We are actively working toward SOC 2 Type II certification. Our infrastructure providers (GCP, Vercel, Firebase) are already SOC 2 certified, which gives us a strong foundation.
Penetration testing
Third-party penetration testing to identify and address vulnerabilities before they become issues.
HIPAA compliance
Life events touch health data. We're evaluating the path to HIPAA compliance to support healthcare-adjacent use cases and employer requirements.
Questions about security?
We’re happy to walk through our security practices, answer vendor questionnaires, or discuss specific requirements for your organization.