← Dashboard · Compliance hub · Pricing · Privacy · Terms

Trust Center

CapchaCloud consent evidence & identity · ServiceAutomations.ai holding company

One tenant ID everywhere

Your login ID (from Better Auth) is your client_id for capture, verify, API keys, webhooks, and—when enabled—Stripe billing metadata. We don’t mint a second opaque tenant key for core operations.

Subprocessors & roles

Full list and change-notice policy: Subprocessors policy.

Provider	Purpose	Notes
Cloudflare	Workers, R2, D1, Queues, Turnstile, Workers AI	Compute, storage, metadata DB, bot/human checks, optional AI assistant.
Stripe	Payments & subscription billing	Card vault & invoices live at Stripe. Customer records reference your tenant ID in metadata.
Google / Apple	OAuth sign-in	Delegated authentication only; session cookies on our Worker.

Security controls (summary)

Hashed API keys; optional platform master key scoped with ?client_id=
Signed consent webhooks (HMAC); optional idempotency on capture
Strict CORS for credentialed APIs when CREDENTIALED_ORIGINS is configured
Rate limits (KV-backed when bound)
Append-only style security audit log in D1 with hash-chained rows for tamper evidence on new events
Tenant data purge on account deletion hook

Billing integrity

Stripe Checkout and Customer Portal are initiated from the dashboard. Webhooks at /webhooks/stripe update subscription state against your tenant ID. We don’t use Stripe as the identity source—only as payment processor.

AI disclaimer

The compliance assistant uses Workers AI (e.g. Llama-class instruct). Outputs are not legal advice and require human review.

Compliance program

Twenty trust themes (security, residency roadmap, SDLC, SBOM, incident practices, and more): Compliance hub. Same disclaimer applies — descriptive policies, not certifications.

Legal (no compliance guarantee): Privacy Policy · Terms of Service. Questions: serviceautomations.ai. This page is descriptive—not a substitute for a signed DPA or counsel.