> ## Documentation Index
> Fetch the complete documentation index at: https://recurr.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Performance

> What subscribers feel — fast loads worldwide, private by default, encrypted everywhere. The engineering behind a polished subscriber experience.

Edge-distributed, privacy-aligned, encrypted at every layer. The infrastructure subscribers don't have to think about.

## Fast worldwide

Subscriber surfaces are served from edge nodes on every continent. Same speed for subscribers anywhere — the network round-trip is short whether they open the page from a major market or a long way from one.

<CardGroup cols={2}>
  <Card title="Global CDN" icon="globe">
    Static assets and HTML cached at the edge. Origin requests only when content changes.
  </Card>

  <Card title="Lean payloads" icon="zap">
    Small bundles, lazy-loaded routes, minimal third-party scripts. Quick even on slow networks.
  </Card>
</CardGroup>

## Private by default

GDPR and CCPA aligned. Standard subscriber rights apply by default, and every analytics or operational vendor we use is disclosed in the sub-processor inventory at signing.

* **Regulatory alignment**: GDPR (EU) and CCPA (California) aligned. Standard Contractual Clauses for EU-US data transfers in the DPA.
* **Sub-processor inventory**: every vendor that touches subscriber data is named in the DPA at signing. 30-day notification on changes.
* **Subscriber rights**: data access, rectification, deletion, and portability honoured by default — no special-request form needed.

## Encrypted everywhere

Subscriber data is encrypted in storage and in transit. Card details never touch Recurr — Stripe holds the PCI Level 1 boundary directly.

* **In storage**: AES-256 at rest across all data stores.
* **In transit**: TLS 1.2+ on every connection between subscriber, surface, and rail.
* **Card data**: never on Recurr's perimeter. Stripe handles payment flows directly, where the strongest controls already live.

## Trust posture

For the full controls list, sub-processor inventory, DPA, and incident-response runbook, see [the security page](https://recurr.dev/security).

* 99.9% uptime SLA on subscriber-facing surfaces, with service credits in the MSA.
* SOC 2 — underlying infrastructure (Stripe, Supabase, Vercel, AWS) is SOC 2 Type II; a Recurr-side audit is targeted alongside the first enterprise deployment.
* GDPR + CCPA aligned. DPA delivered at pilot kickoff.
* Cyber liability insurance in place.

## Related

* [Trust & security →](/trust/infrastructure)
* [Bring your brand to subscribers — apply for a pilot →](https://recurr.dev/apply)
