Hosting
Structor runs on managed cloud infrastructure with a 99.9% uptime target. Production workloads are deployed in EU and US regions. [planned Q3] region pinning per workspace.
Encryption
- In transit: TLS 1.2+ enforced on every endpoint.
- At rest: Databases and backups are encrypted at rest with AES-256.
- WordPress credentials: Encrypted with per-org keys and never exposed to the browser.
Authentication
- Email + password with bcrypt hashing.
- Optional 2FA via authenticator apps. [planned Q3] WebAuthn / passkeys.
- Google SSO on Business plans, SAML SSO on Enterprise.
Data deletion
You can delete your workspace from the app at any time. We purge primary records within 30 days and from backups within 90 days. Email privacy@gostructor.com for a written confirmation.
Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Cloud hosting | Application & database hosting | EU / US |
| OpenAI | AI model inference for content analysis | US |
| Stripe | Billing & payment processing | US / EU |
| Resend / SMTP | Transactional email delivery | US / EU |
| Matomo (self-hosted) | Privacy-friendly analytics | EU |
Vulnerability disclosure
We accept reports at security@gostructor.com. We aim to acknowledge reports within 2 business days and to fix critical issues within 30 days. We do not currently run a paid bug bounty [planned Q4].
Status
Live system status is available at https://status.gostructor.com.