Enterprise-Grade Security

Your compliance data deserves the highest level of protection. Here's how we keep it safe.

Security Features

🔐

Encryption at Rest

All data is encrypted using AES-256 encryption at rest. Your compliance data, bias reports, and documentation are protected with industry-standard encryption.

🔒

Encryption in Transit

All connections use TLS 1.3. We enforce HTTPS for all API endpoints and web traffic with HSTS enabled.

🏢

EU Data Residency

All data is stored in EU data centers (Frankfurt). We never transfer data outside the EU without explicit consent.

🛡️

SOC 2 Type II

We are working towards SOC 2 Type II certification. Our security controls are designed to meet the Trust Services Criteria.

🔑

Access Control

Role-based access control (RBAC) ensures team members only access what they need. All access is logged and auditable.

📝

Audit Logging

Immutable audit logs track all actions. Logs are retained for 7 years to meet regulatory requirements.

🚫

No AI Training

We do not use your data to train AI models. Your data is yours, and we only process it to provide the service.

🔄

Regular Backups

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate availability zone.

Compliance & Certifications

🇪🇺

GDPR

Compliant

📋

SOC 2 Type II

In Progress

🏆

ISO 27001

Planned 2026

🏥

HIPAA

Available on Enterprise

We ran Guardia AI on itself

A compliance tool should survive its own audit. See our EU AI Act self-scan, voluntary FRIA, and category-by-category Annex III self-assessment — generated with our own product, published in full.

See the results →

Infrastructure

Cloud Provider

We use industry-leading cloud providers with SOC 2, ISO 27001, and GDPR compliance. All infrastructure is deployed in the EU (Frankfurt region).

Network Security

DDoS protection, Web Application Firewall (WAF), and intrusion detection systems protect against attacks. All traffic is monitored 24/7.

Penetration Testing

We conduct regular penetration tests with third-party security firms. Vulnerabilities are addressed according to their severity within defined SLAs.

Vulnerability Disclosure

We take security seriously. If you discover a security vulnerability, please report it responsibly:

Email: security@guardia-ai.com

Please include a detailed description of the vulnerability and steps to reproduce. We aim to respond within 24 hours and will keep you updated on our progress.

Questions About Security?

We're happy to discuss our security practices in detail.