Security & data handling

Security-aware delivery, not security theater.

PushStart AI is run by an operator with managed IT, security, and CMMC practitioner experience. We design tools to touch as little sensitive data as possible and to prove who did what.

How this demo handles your data

The Build My Internal Tool demo runs entirely in your browser. It generates a sample plan locally with deterministic logic. Nothing you type is transmitted to PushStart AI, and there is no live AI model behind it yet. When we add a live AI version, it will be clearly labeled and routed through a server-side proxy with rate limits and cost controls.

Please don't paste sensitive data into the demo. Use sanitized, example descriptions — no real names, customer or employee records, credentials, or employer-internal material.

How we build

  • Least privilege: roles are scoped so people see only what they need.
  • Audit logging: key actions are recorded with who, what, and when.
  • Encryption: data is protected in transit (HTTPS) and at rest.
  • Secrets stay server-side: API keys and credentials never live in browser code.
  • Data minimization: we avoid collecting data the tool doesn't need, with a retention plan for what it does.
  • Security review before delivery: access, logging, and data flow are checked before a tool ships.

Demos vs. client production

The PushStart AI marketing site and demos run on standard shared hosting. We do not host client production systems or sensitive client workloads there. Client systems run on a client-owned cloud account (AWS, Azure, or GCP) or dedicated hosting sized for production, so ownership and access boundaries are clear.

Compliance posture

We can align work to frameworks such as CMMC, HIPAA, FERPA, PCI, or SOC 2 when a project requires it, and scope those controls with you up front. We don't claim certification on your behalf, and nothing here is legal or compliance advice.

Work we'll decline

  • Anything that asks us to weaken security or bypass a client's controls.
  • Handling regulated data without the right safeguards and agreements in place.
  • Projects where the honest answer is "buy the SaaS" — we'll say so instead.

Security questions about a potential project? Get in touch and we'll walk through the specifics.