Security isn't a feature we bolt on — it's the foundation we build on. Today we're announcing the completion of our SOC 2 Type II audit, covering the Security and Availability trust service criteria over a twelve-month observation period.
What this means
A SOC 2 Type II report evaluates whether our controls were designed appropriately *and* operated effectively over time. This isn't a point-in-time snapshot — it's a sustained examination of how we handle data, access, and infrastructure security.
Scope
The audit covered:
- WebAir AI platform infrastructure: data storage, encryption at rest and in transit, access controls
- Unified memory system: privacy controls, encryption, isolation between users
- Cortyx™ decision engine: model selection, tool coordination, memory management
- Operational processes: incident response, change management, vendor oversight
- Personnel security: background checks, security training, access provisioning and deprovisioning
Access
The full report is available to customers and qualified prospects under NDA. Contact our security team or your account representative to request a copy.
GDPR and HIPAA
We maintain GDPR-compliant data processing practices for EU customers. For organizations in regulated healthcare, Cortyx™ infrastructure is HIPAA-ready — we can execute Business Associate Agreements and support configurations that meet HIPAA technical safeguard requirements. Contact us for details on scoping.