
Your Data. Protected at Every Step.

Security and privacy are foundational to how we build. We take data protection seriously and work to align our practices with leading industry frameworks.

SOC 2 Type II

Independently audited security controls

ISO 27001:2022

Certified information security management

GDPR Compliant

Full EU data protection regulation compliance

HIPAA Compliant

Healthcare data handling standards met

Our Security Approach

We align our security practices with recognized industry frameworks and work with infrastructure providers who maintain independent certifications.

SOC 2 Type II Certified

Independently audited against SOC 2 Trust Services Criteria for security, availability, and confidentiality.

  • Access controls, encryption, and incident response
  • Third-party audit completed February 2025
  • Continuous monitoring and annual re-certification

ISO 27001:2022 Certified

Certified information security management system covering all operational security domains.

  • Comprehensive ISMS covering all security domains
  • Certification achieved June 2025
  • Annual surveillance audits and continuous improvement

GDPR & HIPAA Compliant

Full compliance with EU data protection regulation and US healthcare data handling standards.

  • GDPR-compliant data processing and subject rights
  • HIPAA safeguards for protected health information
  • Financial services regulatory awareness built in

Security at Every Layer

We apply a layered approach to security across our infrastructure, data handling, and application design.

Infrastructure & Access

  • Encryption at Rest & in Transit
    Data encrypted at rest and in transit using industry-standard encryption protocols through our infrastructure providers.
  • Access Control & Authentication
    Multi-factor authentication enforced. Role-based access control (RBAC) following the least-privilege principle. Regular access reviews.
  • Continuous Monitoring
    24/7 automated threat detection. Security Information and Event Management (SIEM) with Datadog. Incident response team on call.
  • Disaster Recovery
    Automated daily backups with geographic redundancy. Recovery time objective (RTO): 4 hours. Recovery point objective (RPO): 1 hour. Quarterly disaster recovery tests.

Design & Governance

  • Security & Privacy by Design
    Security review in all development phases. Threat modeling for new features. Privacy impact assessments before deployment.
  • Incident Response
    Documented incident response plan. Trained response team. Initial notification within 24 hours of discovery.
  • Vulnerability Management
    Regular penetration testing. Automated vulnerability scanning. Third-party security assessments annually.
  • Employee Training
    Annual security awareness training for all staff. Regular phishing simulations. Onboarding security certifications.

Request a detailed security assessment: We provide comprehensive documentation and are happy to discuss your specific security requirements with your team.

Trusted AI Infrastructure

Built on trusted platforms from leading cloud and AI providers.

Azure OpenAI

Foundation models hosted on Microsoft's cloud infrastructure with audit logging and access controls.

AWS Bedrock (Anthropic Claude)

Managed service providing access to advanced models with security controls and privacy protections.

Supabase PostgreSQL

Open-source PostgreSQL with built-in encryption and automated backups on secure cloud infrastructure.

PropelAuth

Modern authentication platform with passwordless sign-in, SSO, and comprehensive audit trails.

Datadog Monitoring

Real-time system monitoring, log aggregation, and security alerting across all infrastructure components.

MongoDB (Optional)

Flexible document database with field-level encryption, role-based access, and automated compliance.

Regulatory Compliance

Our platform is designed to support your organization's compliance obligations across key regulatory frameworks.

GDPR

Designed to support GDPR requirements including data access, erasure, and portability. Data processing agreements available upon request.

HIPAA

Built on HIPAA-eligible infrastructure. Business Associate Agreements available upon request for applicable use cases.

CCPA/CPRA

Designed to support California Consumer Privacy Act requirements including data access, deletion, and opt-out requests.

Financial Services

Designed with financial services regulatory considerations in mind. Built to support your organization's compliance requirements.

Data Residency

Data storage location controls. Support for EU data residency. Geographic redundancy without cross-border transfer.

Compliance Audits

Annual independent audits. Compliance documentation available. Transparent security and privacy reporting.

Ready to get started?

Let's discuss how we can deliver AI solutions while maintaining your security and compliance standards.
