Compliance
Last updated: April 2026
PCI-DSS Compliance
Custom21 never stores, processes, or transmits credit card data on our servers. All payment processing is handled entirely by Stripe, a PCI Level 1 certified service provider.
- Card data is entered directly into Stripe Elements and never touches our servers
- We store only Stripe customer IDs and subscription IDs; no card numbers, CVVs, or expiration dates
- Stripe webhook signatures are verified on every incoming event before it is processed
Data Security
- Encryption in transit: all connections use TLS 1.2 or newer; HTTPS is enforced, with certificates provisioned via Certbot
- Encryption at rest: Supabase PostgreSQL with AES-256 encryption at rest
- Authentication: Supabase Auth with JWT tokens and cookie-based sessions
- Authorization: row-level security; every database query is filtered by user_id or client_id
- Security headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy
- Rate limiting: API endpoints are rate-limited to protect against abuse
- File storage: Supabase Storage with signed-URL access controls (time-limited, per file)
GDPR / Data Protection
Custom21 respects data protection rights. If you are located in the EU/EEA or a jurisdiction with similar protections:
- You may request access to all personal data we hold about you
- You may request correction of inaccurate data
- You may request deletion of your data (the right to be forgotten)
- You may request data portability (an export in a machine-readable format)
- Data is retained for the duration of service and for 60 days after cancellation
Submit requests to [email protected]. We respond within 30 days.
AI Compliance
Custom21 uses Anthropic Claude for AI-assisted features. Our use of AI is subject to the following:
- Compliance with Anthropic's Acceptable Use Policy
- Client data sent to AI models is limited to the project brief data needed for generation
- No payment data, passwords, or sensitive PII is sent to AI models
- All AI outputs are reviewed by humans before delivery to the client
Accessibility
Custom21 aims to build client sites that meet WCAG 2.1 Level AA standards. The Custom21 platform itself follows web accessibility best practices including semantic HTML, keyboard navigation support, and sufficient color contrast ratios.
Contact
Compliance questions? Email [email protected].