Data storage
- Storage Location: We utilize Amazon Web Services (AWS) S3 for storing data. Data is encrypted at rest and in transit.
- Access Permissions: Access to the AWS S3 storage is strictly limited to our AWS Lambda executor. This ensures that only authorized and authenticated processes can interact with the stored data, minimizing the risk of unauthorized access.
- Data Retention: We have a Zero Data Retention policy (ZDR) for users on our “Growth” tier and above, meaning all data submitted via API is set to expire within 24 hours. This means that any data older than 24 hours is automatically deleted, reducing the amount of data we retain and minimizing the potential impact of any data breaches.
- Data Usage: For users on our “Growth” tier and above, we never use any of their data for training purposes. We respect the privacy of our customers and ensure only they have access to the data from their requests.
Encryption
- Encryption at Rest: All data stored in AWS S3 is encrypted at rest using industry-standard encryption algorithms. This means that even if unauthorized individuals were to gain access to the stored data, they would not be able to decipher it without the proper encryption keys.
- Encryption in Transit: We employ encryption protocols to protect data in transit. All communication between our systems and the data storage is conducted over secure channels using encryption mechanisms such as SSL/TLS. This ensures that data remains confidential and tamper-proof during transmission.
Compliance
- SOC 2 Type 2: We have completed our SOC 2 Type I and Type II process. Please reach out to receive the report. This rigorous certification demonstrates our commitment to maintaining a secure and reliable system. It involves a comprehensive audit of our security controls, policies, and procedures by an independent third party.
- HIPAA Compliance: We currently offer a HIPAA compliant processing pipeline for Growth and Enterprise tier customers. By adhering to HIPAA regulations, we ensure that any PHI processed by our system is handled with the utmost care and in compliance with the stringent security and privacy standards set forth by HIPAA. Please reach out to us via email to sign a BAA with us.
List of authorized subprocessors
Company | Description | Country (where subprocessing takes place) |
---|---|---|
Amazon Web Services, Inc. (AWS) | Cloud Infrastructure | United States |
OpenAI, LLC | Artificial Intelligence | United States |
Anthropic PBC | Artificial Intelligence | United States |
Functional Software, Inc. (Sentry) | Error Monitoring | United States |
PostHog, Inc. | Product Analytics | United States |
Google Cloud | Cloud Infrastructure – Alternative | United States |
Modal Labs, Inc. | Cloud Infrastructure | United States |