Q01
Where is data stored?
Supabase PostgreSQL, US-East. Encrypted at rest. TLS 1.3 + HSTS preload in transit.
Gladius
LoadingEverything we do to protect dealer data, in one place.
Quick answers
Same answers we give on every vendor-risk call. Forward this page, skip the meeting.
Q01
Supabase PostgreSQL, US-East. Encrypted at rest. TLS 1.3 + HSTS preload in transit.
Q02
Tenant-isolated. Founder + assigned CSM for support only. Every access writes an audit row.
Q03
72 hours from confirmation, in writing, to every affected dealer principal. Lives in the MSA.
Q04
Type II in progress, auditor engagement targeted Q4 2026. FTC Safeguards + GLBA compliant today.
Q05
No. Never. Not for marketing, not for lead resale, not for model training. See /privacy.
Q06
Postgres-portable export in usable formats (CSV + JSON). No extraction fees, no hostage data.
Q07
Yes — homegrown TOTP MFA (RFC 6238) shipped May 2026. Dealer-wide force-enrol switch available.
Q08
security@gladiuscrm.com — bounty $250 – $10K, 72h response. Full policy at /awais/red-team.
Four pillars
No PDFs, no slideware. Click through and verify.
01
66 diagnostic rules, 53 error signatures, 261 root causes, IQ 145 self-grading engine. Embedded inside the app, not bolted on like a WAF.
Read the AWAIS architecture →02
FTC Safeguards + GLBA compliant today. SOC 2 Type II in progress. PCI out-of-scope by design — card data never touches our servers.
View security posture →03
Public ledger of every confirmed attack pattern AWAIS observed across the mesh. Updated as patterns are catalogued.
Open the incident log →04
Uptime, cron health, and ecosystem-wide telemetry across all 5 verticals. No third-party status page — it's our own surface.
Check live status →Architecture at a glance
Tenant isolation is enforced at tRPC middleware — every database row is tenant-keyed before any handler runs. Every read and write carries an audited dealerId FK. Cross-tenant queries throw at the model layer; there is no path for a compromised handler to leak data between dealers.
01
User
02
Vercel Edge CDN / WAF
03
AWAIS detection
04
tRPC tenant middleware
05
Prisma ORM
06
Supabase Postgres (encrypted, PITR)
Documentation
Forward these links to your security, legal, or IT team. No login wall on any of them.
/security
Five layers, framework status, request architecture, pledges, bounty.
/awais
The category we created — embedded application-layer intelligence.
/awais/whitepaper
Architecture, threat model, cross-vertical CRDT defense. v1.0.
/awais/mesh
Federation events across 5 verticals — live propagation map.
/awais/incidents
Public ledger of catalogued attack patterns and mitigations.
/awais/red-team
$250 – $10K, 72h response, safe-harbor for good-faith researchers.
/api-docs
Webhook + REST reference. No vendor in our space publishes theirs.
/privacy
What we collect, what we don't, and what the consumer can demand.
/our-stack
Every framework, vendor, and runtime we use — published openly.
Subprocessors
Each vendor links to their own published DPA. We update this list when changes occur.
Vendor
Purpose
DPA
Subprocessor list updated when changes occur. Subscribe to the /changelog to be notified of additions or removals before they take effect.
Asks from procurement
Email goes to a human, not a queue. Same-day acknowledgement on every channel.
We sign your DPA or ours. Standard contractual clauses available. 2-business-day turnaround.
Vendor questionnaires + draft SOC 2 evidence packets shared under NDA. SIG Lite + CAIQ on file.
W-9, insurance certificates, banking info, ACH onboarding forms — same-day turnaround.
Founder will negotiate redlines directly. No legal-back-and-forth gauntlet for net-new deals.
Direct contact
Every email below resolves to a human. The founder cell at the bottom is real — text it during business hours and you’ll get a same-hour reply.
Gladius Technologies LLC · Tampa, FL · 2026