Datum only works if builders trust us with sensitive material: invoices, supplier quotes, payroll exports, and bids. Protecting that data is foundational to the product, not an afterthought. Here's how we approach it.
The documents you provide and the cost record built from them belong to you. We do not sell your data, we do not share your cost data with other builders, and we do not use the documents you upload to train third-party or public AI models. Each organization's data is logically isolated so one customer can never see another's.
Data is encrypted in transit using TLS, and encrypted at rest in our infrastructure. Connections to Datum are served over HTTPS only.
Billing is handled by Stripe, a PCI-DSS Level 1 certified payment provider. Datum never sees or stores your full card number.
The Service runs on modern, reputable cloud infrastructure (including Cloudflare) with network-level protections such as TLS termination and DDoS mitigation, plus regular backups designed to protect against data loss.
Access to production systems and customer data is limited to authorized personnel who need it to operate and support the Service, and is protected by authentication controls. We follow least-privilege principles and review access as the team grows.
You can export your data or request deletion at any time. When you close your account, we delete or de-identify your data in line with our Privacy Policy and legal obligations. Business customers can request a Data Processing Agreement (DPA).
If you believe you've found a security issue, please email security@datumcost.com. We take reports seriously and will respond promptly. As Datum grows we plan to expand our security program, including formal third-party assessments.