Shape Technology security and trust

Built for clarity. Protected by design.

Security information for Shape Technology's use of Fi, powered and operated by Cellect AI.

14published answers
10providers disclosed
1accountable security owner
0known confirmed breaches

Our approach

Plain answers, backed by evidence.

We separate controls that exist today from improvements still underway. Draft policies and plans never become public claims by accident.

01

Access by design

Fi uses explicit organization, company, project, and capability grants, with default denial when no grant exists.

02

Sensitive data, minimized

Financial, identity, tax, banking, and project data receive handling based on sensitivity and workflow need.

03

Honest AI governance

Commercial AI APIs are disclosed. We do not claim zero retention until provider configuration is verified.

04

Evidence over badges

Policies, reviews, tests, access records, and recovery results are mapped to the controls they support.

Common questions

Start your security review here.

Does Shape Technology have a SOC 2 report?Current

Cellect is preparing for an initial SOC 2 Type I examination scoped to Fi and the systems that support its production operation. No report has been issued yet, and Cellect does not represent itself as SOC 2 compliant or certified.

Who operates Shape Technology?Current

CellectAI Inc is currently owner-operated with no employees or contractors holding production access. Controls are designed for that actual operating model rather than assuming a larger security organization.

Where is Fi hosted?Current

Fi runs on Cellect-managed infrastructure in a restricted-access United States office environment. Detailed network and physical-location information is shared only when appropriate during a security review.

How is physical access restricted?Current

The office is protected by keypad access. Production equipment and access credentials are controlled by Cellect's owner, the only person currently authorized for physical or administrative access.

How is customer access separated?Current

Fi applies organization, company, project, and capability-level authorization. A user without an explicit resource grant cannot view that resource, and administrative routes require elevated authorization.

How are users authenticated?Current

Fi uses centralized identity through Cellect's identity provider and short-lived application sessions. Administrative access is distinct from ordinary customer access.

View all security answers

Need the evidence?

Review restricted documents securely.

SOC reports, assessments, detailed policies, and diagrams are shared only after a manual business review.

Request access