Enterprise-grade security and compliance for your AI audit trail
In Transit
TLS 1.3 for all connections
At Rest
AES-256 encryption
Cloud Provider
AWS
Primary Region
US-East-1
Architecture
Containerized microservices
RBAC
Role-Based Access Control
Authentication
API key with SHA-256 hashing
Sessions
JWT tokens with 24-hour expiry
MFA
Available for enterprise
Retention
Configurable: 7 days to 7 years
Automatic Cleanup
Expired data automatically removed
Data Deletion
Within 30 days of account closure
Meeting regulatory requirements for AI governance
GDPR Ready
Data Processing Agreement (DPA) available on request
HIPAA Ready
Business Associate Agreement (BAA) available (Comply tier)
SOC 2 Type II
In progress
Third-party service providers we use
| Provider | Purpose | Location |
|---|---|---|
| AWS | Cloud Infrastructure | US/EU |
| Neon | PostgreSQL Database | US |
| Upstash | Redis Cache | US |
| Vercel | Dashboard Hosting | US |
| Resend | Transactional Email | US |
Security Issues
security@trustscope.aiSecurity Questionnaires
sales@trustscope.ai