//security
Security & compliance

Trust, but verify.

AICA handles sales conversations — often your most sensitive data. Here's exactly how we protect it.

Encryption

  • TLS 1.2+ in transit
  • AES-256 at rest
  • Per-tenant encryption keys
  • Field-level encryption for PII

Hosting & region

  • EU region (Cloudflare + Frankfurt)
  • US region on request
  • Data never leaves the region you pick
  • No cross-region replication without consent

PII handling

  • PII auto-masked before LLM processing
  • Configurable retention (7, 30, 90, 365 days)
  • Data deletion API
  • Right-to-be-forgotten flow

Access control

  • Six permission roles
  • SSO / SAML on Business+
  • Audit logs for every admin action
  • Per-project access scoping

Certifications

  • GDPR-compliant — DPA available
  • ISO 27001 — in progress
  • SOC 2 Type II — planned
  • Security reviews on request

Sub-processors

  • OpenAI / Anthropic / Deepgram — processing only, no training
  • Cloudflare — hosting, CDN, storage
  • Stripe — billing
  • Full list: sub-processors page

DPA

Data Processing Addendum

Our DPA is available on request and incorporates the EU Standard Contractual Clauses. The sub-processor list is updated continuously.

Security questions? security@aica.grow2.ai