Security, privacy, and compliance at SOX&AUDIT
We take security seriously. Our platform is built with enterprise-grade security controls to protect your sensitive audit data. We maintain strict data handling practices and responsible AI commitments, and we are working toward industry certifications. Review our security practices, policies, and compliance status below.
Website
soxaudit.ai
Security Contact
security@soxaudit.ai
Audit in progress - Report expected Q2 2025
AES-256 at rest, TLS 1.3 in transit, key rotation
Microsoft Azure (US-West, US-East, EU-West)
Customer-configurable by region (US, EU, AU)
No model training on Customer Data
We never use your data to train, fine-tune, or improve general-purpose AI models.
Human oversight required
AI-generated outputs require human review before finalization in your audit workflows.
Zero retention with AI providers
We use zero-retention API tiers with OpenAI and Google. Your data is not stored by LLM providers.
Audit trail for AI decisions
All AI-assisted decisions are logged with timestamps, model versions, and inputs for compliance.
Active data
Retained during subscription term plus 90-day export window after termination.
Audit logs
Retained for 7 years to support SOX compliance requirements.
Backups
Encrypted backups retained for 30 days, then securely deleted.
Data deletion
Request deletion anytime via security@soxaudit.ai. Processed within 30 days.