We run tabletops for a living. Ours run continuously.

At general availability, Annual Tabletop runs on a SOC 2 Type II infrastructure provider in U.S. regions with a primary U.S. region and a second U.S. region pinned for disaster recovery. Data does not leave the United States by default. Enterprise / State tier customers can request pinned single-region residency and, with notice, FedRAMP-boundaried sub-processors for the components that have them. The specific GA provider is locked ahead of the migration and added to the sub-processor list with 30 days’ notice.

Multi-tenant by default, with per-tenant logical isolation enforced at the database row, object-storage prefix, and KMS key level. Every request is scoped to a tenant ID that travels in a signed request context; there is no cross-tenant read path by design. Enterprise / State and MSP / Partner customers can opt into dedicated tenancy with a per-customer VPC and KMS CMK at contract time.

Customer data is encrypted in transit with TLS 1.2 or higher and at rest with AES-256. Keys are managed in the infrastructure provider’s KMS under a per-environment CMK hierarchy; dedicated-tenancy customers get their own CMK. Database and object-storage backups run daily, are encrypted with the same CMK, and are retained for 35 days. Customer-requested deletion is honored within 30 days and propagated to backups on the backup-retention rollover.

Atlas is our AI facilitator. During an exercise, player inputs, injects, and facilitator prompts are sent to a model provider over a TLS-terminated private connection. Model providers are contractually bound to a zero-retention data-processing addendum — your exercise text is not retained by the model provider and is not used to train any model, ours or theirs. Full list of model providers below under Sub-processors. AARs are generated against a deterministic schema and stored in your tenant — they never cross back to a model provider.

We maintain a current sub-processor list at /legal/subprocessors. Categories include cloud hosting, managed database and object storage, authentication (our own stack, running on our Postgres via BetterAuth), transactional email, error monitoring, and foundation-model providers (Anthropic as primary, OpenAI as fallback — tenant-scoped, zero-retention). We commit to a 30-day notice window on new sub-processors that touch customer data, with the right to object built into every paid contract.

Primary authentication runs inside the Annual Tabletop application — no third-party identity sub-processor for self-serve tiers. Supported methods: email + password with mandatory 2FA (TOTP and WebAuthn / passkeys), magic-link sign-in, and Google / Microsoft OAuth. User records, sessions, and credentials live in our own Postgres under the primary hosting provider.

SAML 2.0 and OIDC SSO are available on Financial Institutions, Regulated SMB, MSP / Partner, and Enterprise / State tiers through an identity partner (typically WorkOS) wired at the time of deployment. SCIM provisioning ships with Enterprise / State and MSP / Partner. When enterprise SSO is engaged for a given customer, that provider is added to the sub-processor list for that environment with written notice.

Internal access to production is least-privilege, MFA-enforced, routed through a short-lived-credential broker, and logged to the same immutable audit stream that customer tenants forward to their SIEM.

Every tenant has an in-product audit log covering auth events, exercise activity, AAR generation, and admin actions. Enterprise / State and MSP / Partner customers can forward that audit stream to their SIEM (Splunk HEC, Sumo, Datadog, or generic webhook). Platform-side, we run continuous logging into a WORM-mode store retained for 400 days and alert on the control signals that matter for SOC 2 CC7.2 / CC7.3.

Compute is private-subnet only. There is no ingress from the public internet to any database or application process — all traffic is terminated at a managed load balancer and forwarded over mTLS to the service mesh. Egress to model providers is routed over a dedicated VPC endpoint or private link where the provider offers one.

SOC 2 Type II observation begins when the production environment is live at GA; target Type II report completion is 12 months after observation start. CAIQ, SIG-Lite, and HECVAT questionnaires are available under mutual NDA through the Trust Center today as self-attested responses against the GA architecture described on this page. HIPAA BAA is available at GA for covered-entity and business-associate customers on the Hospital and Enterprise / State tiers. FedRAMP equivalency sits on the Enterprise / State roadmap for the second year post-launch.

AARs are the product of record and are retained under a customer-configurable policy — default seven years to match the longest common audit retention (CJIS, HIPAA, FFIEC). Exercise transcripts behind the AAR can be retained separately or redacted on a per-exercise basis. Redacted transcripts preserve the framework crosswalk and decision log but strip participant names, free-text chat, and any content flagged as sensitive.

RPO of 24 hours and RTO of four hours for the application surface. DR runbooks are exercised on our own platform at least twice a year — the exercise is itself an AAR we publish to the status page. Our production incident-response plan maps to NIST CSF 2.0 RS.* and is reviewed at every tabletop we run internally.

WCAG 2.1 AA is the baseline across every page. A VPAT against Section 508 Revised is available to public-sector buyers on request. Day-to-day accessibility practice is documented on our accessibility page.

We publish a security.txt under security@annualtabletop.com. Responsible disclosures are acknowledged within two business days. We commit to a good-faith safe-harbor for researchers who follow CERT coordinated disclosure. Hall-of-fame acknowledgments are listed below.

Annual Tabletop runs an internal IR plan we exercise on our own product at least quarterly. Material incidents affecting customer data are disclosed to the affected customers within 72 hours of identification, in line with the commitments in our DPA. Postmortems are published to the status page.