Skip to main content

Security at Audity

Your clients trust you with their most sensitive data.

We built Audity to protect it with the same care you do: enterprise-grade encryption, strict access controls, and complete data isolation, on infrastructure that’s already SOC 2 certified.

SOC 2 Type II infrastructurePCI DSS Level 1 payments256-bit AES at restTLS encrypted in transitTenant data isolationGDPR aligned

Infrastructure

Audity is built on infrastructure that already meets the bar your clients ask about. Our partners for hosting, our database, and payments are SOC 2 Type II or PCI DSS certified and independently audited every year.

Encryption

Your data is encrypted in transit and at rest, every step of the way. We never touch credit card numbers: payments run entirely through a PCI DSS Level 1 certified processor.

Authentication

Sign-in runs on a certified identity provider with multi-factor authentication available to everyone. Access is role-based, so people only see what they should.

File security

Every document you upload is checked, encrypted, and tied to your account. One client can never see another client’s files.

Privacy

We collect only what we need to run your discoveries, and we never sell your data. It’s yours: export it or delete it whenever you want.

AI processing

Your data is never used to train AI models. The providers we use commit to the same, by default, under their enterprise terms.

Your data, your control

You stay in charge of your data and your clients’ data, start to finish.

You own your data

Everything you put into Audity stays yours. Export it any time.

We’re the processor, not the owner

You decide how your data is used. Audity just runs the work for you.

Client confidentiality

Every client’s information is walled off from every other account.

DPA on request

Need a Data Processing Addendum for procurement? Email us and we’ll set it up.

How we handle AI

AI runs your discoveries. It never gets to keep or learn from your data.

No model training

Your data is never used to train AI models, ours or anyone else’s.

No data sharing

Prompts go only to the provider needed to produce your result, nowhere else.

Deleted when you’re done

Providers process under enterprise terms with training turned off by default.

Questions, answered

Need the full detail for a security review? It’s all on the compliance page.

Questions about security?

We’re happy to walk through our security practices, share a questionnaire, or set up a DPA for your review.