Trust Center

Security, privacy, and compliance at SOX&AUDIT

We take security seriously. Our platform is built with enterprise-grade security controls to protect your sensitive audit data. We maintain strict data handling practices and responsible AI commitments, and we are working toward industry certifications. Review our security practices, policies, and compliance status below.

SSO/SAML Ready
Role-Based Access
Audit Logging
SOC 2 In Progress

Business Info

Security Contact

security@soxaudit.ai

Security & Compliance

SOC 2 Type II

In Progress

Audit in progress - Report expected Q2 2025

Encryption

Active

AES-256 at rest, TLS 1.3 in transit, key rotation

Infrastructure

Active

Microsoft Azure (US-West, US-East, EU-West)

Data Residency

Active

Customer-configurable by region (US, EU, AU)

Responsible AI

No model training on Customer Data

We never use your data to train, fine-tune, or improve general-purpose AI models.

Human oversight required

AI-generated outputs require human review before finalization in your audit workflows.

Zero retention with AI providers

We use zero-retention API tiers with OpenAI and Google. Your data is not stored by LLM providers.

Audit trail for AI decisions

All AI-assisted decisions are logged with timestamps, model versions, and inputs for compliance.

Data Retention

Active data

Retained during subscription term plus 90-day export window after termination.

Audit logs

Retained for 7 years to support SOX compliance requirements.

Backups

Encrypted backups retained for 30 days, then securely deleted.

Data deletion

Request deletion anytime via security@soxaudit.ai. Processed within 30 days.

Documents

Information Security Policy
Access Control Policy
Data Management Policy
AI Usage & Responsible AI Policy
Business Continuity Policy

Subprocessors

Third-party subprocessors SOX&AUDIT works with:

Microsoft Azure

Cloud infrastructure, blob storage, and hosting

Privacy

OpenAI

Large language model API (GPT-4o, GPT-4o-mini)

Privacy

Google Cloud

AI/ML services (Gemini) for document processing

Privacy