Security isn't a feature we bolt on — it's the foundation we build on. WebAir AI is designed and operated with the same controls expected of enterprise SaaS, with privacy as the default at every layer.
How we think about it
We treat your Knowledge Hub like the most sensitive thing we hold — because for our customers, it usually is. Every AI request is proxied through WebAir's infrastructure so no upstream model provider ever sees your identity or your business data directly. Memory is encrypted at rest and in transit. Your data is never used to train any public model.
Standards we align to
- SOC 2 Type II: our platform, memory system, and Cortyx™ decision engine are built to the SOC 2 Type II Security and Availability trust service criteria.
- GDPR: we maintain GDPR-aligned data processing practices for EU customers, including data residency and deletion-on-request.
- HIPAA-ready: for regulated healthcare workloads, Cortyx™ supports Business Associate Agreements and configurations that meet HIPAA technical safeguard requirements.
Scope of our controls
- Platform infrastructure: data storage, encryption at rest and in transit, network isolation, access controls
- Unified memory system: strict tenant isolation, encryption, and configurable retention
- Cortyx™ decision engine: model selection, tool coordination, memory management with full audit logging
- Operational processes: incident response, change management, vendor oversight
- Personnel security: background checks, security training, least-privilege access
How to engage
Compliance documentation is available to customers and qualified prospects under NDA. Contact our security team or your account representative to request a copy or to discuss HIPAA scoping.