Security and data handling

Resubly keeps renewal data private, scoped, and useful.

Resubly is built for small Finance and Ops teams that need contract-aware renewal tracking without employee monitoring or broad device access. Every control on this page is in production today — not a roadmap.

We treat contract and renewal data as sensitive business information. Access is authenticated, scoped to organization membership, and limited to the workflows Resubly is actually designed to run. We do not resell data, train AI models on customer content, or run third-party advertising trackers on the application.

Authenticated access

Every workspace is protected by Better Auth sessions, role-based organization membership, and owner-only billing controls.

Contract-aware storage

Uploaded documents are stored in Convex storage and linked to the organization and subscription records that own them.

Managed backend

Application data lives in Convex with server-side authorization checks before sensitive organization records are returned.

Controlled notifications

Renewal and billing alerts are sent only from configured channels, with lifecycle email opt-out support where appropriate.

Current Security Posture

  • Role-based access is enforced on organization, subscription, billing, and settings data.
  • Password reset email is handled through server-side Better Auth and Resend configuration.
  • Uploaded documents are not used for employee surveillance or device monitoring.
  • Account and organization deletion include a 30-day grace period before final purge.
  • SOC 2 is not completed yet; Resubly treats this page as a pre-SOC 2 trust signal, not a compliance claim.
  • Data in transit is encrypted with TLS 1.2+ across all customer-facing endpoints.
  • Data at rest is encrypted on the underlying managed storage and database providers.
  • Authentication is handled by Better Auth with secure password hashing and session management.
  • Backups run automatically on the managed database layer with point-in-time recovery available to engineering.
  • No customer contract content is used to train AI models. AI extraction calls process documents and return field values only.

What Resubly Does Not Do

Resubly explicitly avoids several things because they would be inconsistent with how Finance and Ops teams need a renewal tracker to behave:

  • No device or browser agents. Resubly does not install software on employee machines.
  • No usage telemetry from third-party SaaS tools. Renewal records are sourced from contracts and invoices, not surveillance.
  • No sale of customer data, ever. Resubly is funded by subscription revenue, not data brokering.
  • No third-party advertising trackers in the authenticated application.