Every document we handle is one our customers can't afford to leak.
Here's how we protect them — encryption at every layer, zero-training guarantees, and configurable retention.
Where we stand.
SOC 2 Type II
Kickoff imminent. Pre-audit controls documented. Interim security docs available under NDA.
GDPR & CCPA
EU Standard Contractual Clauses. DSAR tooling built-in.
HIPAA
PHI encryption and access controls in place today. BAA signing capability in development — talk to sales about your timeline.
Your Retention
Configure retention per project. One-click GDPR erasure.
Encryption, isolation, guarantees.
Bank-grade encryption
Your documents and extracted data are encrypted at every layer — on disk, in transit, and in memory during processing.
- AES-256-GCM encryption at rest across all storage tiers
- TLS 1.3 for all API requests. TLS 1.2+ strict minimum enforced
- Customer-managed encryption keys (CMEK) available on Enterprise
- Hardware security modules (HSM) for key storage
- Logical tenant isolation for every customer workload
Zero-training guarantee
Your data is never used to train our models. Not ours, not our partners', not third-party foundation models. Contractually guaranteed.
- Zero Data Retention Agreement available on Growth+ tiers
- Customer documents never shared with upstream foundation-model providers
- No human review of customer documents without explicit written consent
- Isolated inference infrastructure — no cross-tenant data leakage possible
- Customer audit logs retained 2 years; customer data retained per your policy
Full security docs, on request.
Interim security documentation, penetration test summaries, and compliance roadmap available under NDA. Our security team responds within one business day.