Your Data. Protected at Every Step.

Security and privacy are foundational to how we build. We take data protection seriously and work to align our practices with leading industry frameworks.

SOC 2 Aligned

Security controls aligned with SOC 2 framework

ISO 27001 Aligned

Information security practices aligned with ISO standards

Privacy Focused

Designed to support GDPR and privacy regulations

Our Security Approach

We align our security practices with recognized industry frameworks and work with infrastructure providers who maintain independent certifications.

SOC 2 Aligned

Our security controls are designed to align with the SOC 2 Trust Services Criteria for data security and availability.

  • Access controls, encryption, and incident response
  • Built on SOC 2 certified infrastructure providers
  • Ongoing security reviews

ISO 27001 Aligned

Information security management practices designed in alignment with ISO 27001 standards.

  • Covers key security domains
  • Regular internal security reviews
  • Continuous improvement process

Regulatory Awareness

Our platform is designed with regulatory requirements in mind, supporting your compliance obligations.

  • GDPR and privacy regulation support
  • Financial services considerations
  • Configurable data handling policies

Security at Every Layer

We apply a layered approach to security across our infrastructure, data handling, and application design.

Infrastructure & Access

  • Encryption at Rest & in Transit
    Data encrypted at rest and in transit using industry-standard encryption protocols through our infrastructure providers.
  • Access Control & Authentication
    Multi-factor authentication enforced. Role-based access control (RBAC) following the least-privilege principle. Regular access reviews.
  • Continuous Monitoring
    24/7 automated threat detection. Security Information and Event Management (SIEM) with Datadog. Incident response team on call.
  • Disaster Recovery
    Automated daily backups with geographic redundancy. RTO: 4 hours. RPO: 1 hour. Quarterly disaster recovery tests.

Design & Governance

  • Security & Privacy by Design
    Security review in all development phases. Threat modeling for new features. Privacy impact assessments before deployment.
  • Incident Response
    Documented incident response plan. Trained response team. Initial notification within 24 hours of discovery.
  • Vulnerability Management
    Regular penetration testing. Automated vulnerability scanning. Third-party security assessments annually.
  • Employee Training
    Annual security awareness training for all staff. Regular phishing simulations. Onboarding security certifications.

Request a detailed security assessment: We provide comprehensive documentation and are happy to discuss your specific security requirements with your team.

Trusted AI Infrastructure

Built on trusted platforms from leading cloud and AI providers.

Azure OpenAI

Foundation models hosted on Microsoft's cloud infrastructure with audit logging and access controls.

AWS Bedrock (Anthropic Claude)

Managed service providing access to advanced models with security controls and privacy protections.

Supabase PostgreSQL

Open-source PostgreSQL with built-in encryption and automated backups on secure cloud infrastructure.

PropelAuth

Modern authentication platform with passwordless sign-in, SSO, and comprehensive audit trails.

Datadog Monitoring

Real-time system monitoring, log aggregation, and security alerting across all infrastructure components.

MongoDB (Optional)

Flexible document database with field-level encryption, role-based access, and automated compliance.

Regulatory Compliance

Our platform is designed to support your organization's compliance obligations across key regulatory frameworks.

GDPR

Designed to support GDPR requirements including data access, erasure, and portability. Data processing agreements available upon request.

HIPAA

Built on HIPAA-eligible infrastructure. Business Associate Agreements available upon request for applicable use cases.

CCPA/CPRA

Designed to support California Consumer Privacy Act requirements including data access, deletion, and opt-out requests.

Financial Services

Designed with financial services regulatory considerations in mind. Built to support your organization's compliance requirements.

Data Residency

Data storage location controls. Support for EU data residency. Geographic redundancy without cross-border transfer.

Compliance Audits

Annual independent audits. Compliance documentation available. Transparent security and privacy reporting.

Ready to get started?

Let's discuss how we can deliver AI solutions while maintaining your security and compliance standards.
