Everything a CMO or procurement team needs to diligence Cabbge. Each document below is a live, versioned page; "Last updated" reflects the current draft.
Terms of Service
Subscription terms, acceptable use, liability, and jurisdiction.
Privacy Policy
What data we collect, sub-processors we use, and your rights under the DPDP Act.
Data Processing Agreement
DPA that controls Cabbge's processing of personal data on your behalf. Signed counterpart available on request.
Security posture
Summary below. Full answers to standard infosec questionnaires (SIG Lite, CAIQ) available on request.
Security at a glance
- Hosting: Vercel (app) + Supabase on AWS ap-south-1, Mumbai (database + auth + storage).
- Encryption: TLS 1.2+ in transit, AES-256 at rest.
- Access control: role-based; production data accessed only by personnel with documented need.
- Tenant isolation: row-level security on every customer-owned table. Users can only read and modify their own company's data.
- Secrets: environment variables only; never in source control.
- AI providers: OpenAI and Google Gemini operate under commercial API agreements that prohibit training on our prompts or completions.
- Backups: automatic through Supabase; point-in-time restore available.
- Breach response: 72-hour notification to affected customers, in line with DPDP Act timelines.
- Subprocessors: full list with region, purpose, and data type on the Privacy Policy.
AI scan accuracy
Cabbge runs real prompts against ChatGPT, Gemini, Perplexity, Claude, and Grok with web grounding enabled and reports what each engine actually said. The Service does not modify, edit, or fabricate AI responses. Scores are derived from the engines' output via the documented methodology. If a customer disputes a result, we will replay the scan and surface the raw response on request.
Questions
legal@cabbge.com privacy@cabbge.com security@cabbge.com sales@cabbge.com