How we protect your content

Your content stays yours, and isolated.

Still Needs a Human is a multi-tenant translation quality platform. Every workspace is isolated, we keep the least data we can, and access is authenticated and role based. This page describes the actual practices, not a badge on a wall.

Least data, isolated by design, and a human in control.
The practices behind the platform, stated plainly
Our posture

What we protect, and how.

We are a working SaaS, not a certification. Rather than claim audit badges we cannot yet show, here is exactly how your content is handled at each layer, from the workspace boundary to the AI judge.

Isolated by workspace

Each customer works inside its own workspace. Profiles, QA configs, uploaded files, and reports are kept to that tenant and are not visible to any other workspace.

Least data by default

We process your bilingual files to run QA and produce a report, and no more. We do not sell your data, and we do not train shared models on it across customers.

Access is controlled

The app is authenticated. Sign-in is per workspace, and role-based access scopes what each admin, reviewer, and viewer can see and do.

The default workspace is byte-for-byte unchanged. Isolation is added around it, never through it.
Data and content handling

How your files move through the platform.

From the moment a bilingual file lands to the moment a report is produced, here is where your content lives and what touches it.

Isolation

Per-workspace boundary

Every profile, configuration, uploaded file, and report belongs to a single workspace. There is no shared pool of customer content, and one tenant cannot read another tenant's data. The default workspace remains exactly as it was, untouched by tenant additions.

Content

Processed, not pooled

Uploaded bilingual files are processed to run QA and generate results for your workspace only. They are not shared across workspaces, not sold, and not used to train shared models. We keep the least data needed to do the job and give you the report.

Access

Authenticated and scoped

The application requires authentication. Sign-in is per workspace, and roles decide what each member can reach. Admins, reviewers, and viewers see only what their role and their workspace allow.

Your content stays inside your workspace
AI providers

The AI judge is optional, and it is fenced.

Deterministic rules do most of the work with no model involved. When the optional AI judge is used, it is opt-in, and untrusted document text is fenced before it ever reaches the model, so content in your files cannot be treated as instructions to the system.

  • Opt-in, not default

    The AI judge only runs when you choose to use it. Rule-based checks run without sending your content to any model.

  • Document text is fenced

    Untrusted text from your files is isolated as data before it reaches the model, so it cannot hijack the instructions or leak across segments.

  • A human still signs off

    The model proposes, your reviewer confirms or overrides. No verdict is final without a person, by design.

Integrations · scoped access
TMS and in-editor connections
Least privilege, no broad account access.
Scoped tokens
TMS and editors
Scoped, revocable tokens

Connections use scoped tokens. An editor or TMS integration is granted only the access it needs to read the content under check, and nothing wider.

No cross-tenant reuse
per workspace
Bound to your workspace

Integration credentials belong to the workspace that set them up. They are not shared with, or reused by, any other tenant.

You stay in control
connect and disconnect
Disconnect any time

Integrations are added by your workspace and can be removed by your workspace. Revoke access and the connection stops.

What we do, and do not, claim

Honest about the badges we do not yet hold.

We describe practices, not certifications. We are not claiming SOC 2 or ISO 27001. If a specific control matters for your procurement, ask us and we will tell you exactly where we stand.

Tenant isolation
Per-workspace boundary for profiles, configs, files, and reports.
Role-based access
Authenticated app, per-workspace sign-in, roles scope every action.
Least data
Processed for QA only. No selling, no cross-customer training.
Fenced AI
Optional AI judge, untrusted text fenced before it reaches the model.
Scoped integration tokens
TMS and editor connections use least-privilege, revocable tokens.
Responsible disclosure
A clear channel to report anything you find. See below.
Responsible disclosure

Found something? Tell us.

If you believe you have found a security issue in Still Needs a Human, we want to hear from you. Please report it privately first, give us a reasonable window to respond, and avoid accessing or changing data that is not yours while you investigate.

Report a suspected vulnerability through our contact page. Include steps to reproduce, the affected area, and how we can reach you. We will acknowledge, investigate, and keep you updated.
Reach the team at stillneedsahuman.com/contact
Security questions

Ask us anything about how we handle your content.

Procurement checklist, data handling, integration scopes, or where we stand on a specific control. Send it over and we will answer plainly.

Get in touch

Talk to a human about security.

The fastest route is our contact page. Tell us your stack and your question, and the right person will reply.

Go to contact