You trust us with your AI governance data. We take that seriously — with defense-in-depth security, rigorous access controls, and transparent practices.
Our security posture is built on six pillars, each designed to protect your data at every layer.
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Database fields containing sensitive data use additional application-layer encryption.
Hosted on SOC2-compliant cloud infrastructure with geographic redundancy. Network segmentation, WAF, DDoS protection, and continuous monitoring.
Role-based access control (RBAC), multi-factor authentication, SSO/SAML support, and comprehensive audit logs for all data access.
Regular third-party penetration testing, vulnerability assessments, and security audits. SOC2 Type II compliance program in progress.
Background checks for all employees. Security training, incident response procedures, and responsible disclosure program.
24/7 security monitoring with defined incident response playbooks. Customer notification within 72 hours of confirmed data breaches.
Clear, unambiguous commitments we make to every customer.
We designed our data practices to minimize what we store and maximize what you control.
We store references and hashes — not your prompts, responses, or sensitive content. Your data stays in your systems.
We retain only what's needed to provide the service. Evidence metadata is kept per your configured retention policy; everything else is ephemeral.
Every evidence pack is cryptographically hashed for integrity verification. Tamper-proof by design — auditors can verify nothing was altered.
Export or delete your data at any time. Upon account termination, all data is purged within 90 days unless legally required.
Trust service criteria for security, availability, and confidentiality.
EU General Data Protection Regulation compliance.
California Consumer Privacy Act compliance.
BAA available for healthcare customers on Enterprise plans.
If you believe you've found a security vulnerability in AILeyTech, please report it responsibly. We appreciate security researchers who help us keep our platform safe.
Report vulnerabilities to [email protected]
We're happy to answer detailed security questions, provide our security documentation, or arrange a call with our security team.