Trust, Transparency, and Technical Truth.
Our security posture, compliance certifications, and data handling practices—explained in plain language.
1. Zero-Training Guarantee
Your data will never train our models. We contractually guarantee that your uploaded documents and extracted data are never used to improve our foundation models, third-party AI systems, or any machine learning pipelines outside your explicit workflows.
Regardless of retention settings, this guarantee applies from the moment you upload to permanent deletion.
2. Client-Controlled Retention
| Retention Setting | Use Case | Data Deleted |
|---|---|---|
| 0 Days | Maximum security | Immediately after processing |
| 7 Days | Short audit trails | Rolling 7-day window |
| 30 Days | Standard operations | Rolling 30-day window |
| 90 Days | Extended compliance | Rolling 90-day window |
| Unlimited | Long-term archival | Never (unless manual) |
3. Infrastructure Security
SOC 2 Type II Ready
Annual audits by independent third parties. Report available under NDA.
Encryption Standards
AES-256 at rest, TLS 1.3 in transit. Key management via AWS KMS.
4. Compliance Frameworks
GDPR Ready
Data Processing Agreements (DPA) available. EU data residency options.
CCPA Aligned
Consumer data rights supported for California residents.
HIPAA Ready (Enterprise)
Business Associate Agreements (BAA) and dedicated VPC tenants.
5. Incident Response
Notification within 24 hours of any confirmed security incident affecting customer data.
- Incident detected and contained
- Root cause analysis initiated
- Affected customers notified
- Public transparency report published