Security & Compliance

We protect your sensitive security documentation with enterprise-grade security measures.

Built with Security in Mind

Your security documentation deserves the highest level of protection

Encrypted Everything

AES-256 encryption at rest, TLS 1.3 in transit. Your data is always protected.

SOC 2 Type II

Independently audited and certified for security, availability, and confidentiality.

Zero Training

We never use your data to train AI models. Your information stays yours.

Comprehensive Security Measures

Infrastructure Security

  • Cloud Infrastructure

    Hosted on AWS with multi-region redundancy and automatic failover

  • Network Security

    WAF protection, DDoS mitigation, and private VPC isolation

  • Data Encryption

    AES-256 encryption at rest, TLS 1.3 for all data in transit

  • Backup & Recovery

    Daily automated backups with point-in-time recovery

Application Security

  • Authentication

    Multi-factor authentication, SSO/SAML support for Enterprise

  • Access Control

    Role-based permissions with granular access controls

  • Audit Logging

    Comprehensive audit trails for all user actions and data access

  • Secure Development

    Regular security testing, dependency scanning, and code reviews

Compliance & Certifications

  • SOC 2 Type II

    Annual audit completed

  • GDPR Compliant

    EU data protection

  • CCPA Compliant

    California privacy rights

  • ISO 27001

    Certified

Your Data, Your Control

Data Ownership

You retain full ownership of all data uploaded to AnswerPilot. We act solely as a data processor and never claim any rights to your content. You can export or delete your data at any time.

AI Training Policy

We never use customer data to train our AI models. Each organization's data is completely isolated and processed in dedicated environments. The AI sees your data only during active questionnaire processing.

Data Retention

We retain your data only as long as you maintain an active account. Upon account deletion, all data is permanently removed within 30 days, with no backups retained beyond this period.

Third-Party Sharing

We never sell, share, or disclose your data to third parties. The only exception is our infrastructure providers (AWS), who are bound by strict data processing agreements.

Questions About Our Security?

Our security team is here to answer any questions about how we protect your data