Security & Privacy

Enterprise-grade security and privacy protection for your research data

256-bit Encryption

All data encrypted in transit and at rest

GDPR Compliant

Full compliance with EU data protection

99.9% Uptime SLA

Enterprise reliability guarantee

Data Security

Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted backups with secure key management
  • End-to-end encryption for sensitive reports (Enterprise tier)

Infrastructure Security

  • Hosted on secure cloud infrastructure with SOC 2 Type II certification
  • Regular security audits and penetration testing
  • Automated vulnerability scanning and patching
  • 24/7 security monitoring and incident response

Access Control

  • Multi-factor authentication (MFA) support
  • Role-based access control (RBAC) for team accounts
  • SSO integration for Enterprise customers (SAML 2.0)
  • Audit logs for all user activities and data access

Privacy & Data Protection

Your Data Belongs to You

  • You retain full ownership of all reports and data you create
  • We never sell, rent, or share your data with third parties
  • Your reports are private and only accessible by you (and team members you invite)
  • Export your data anytime in PDF, Markdown, or JSON formats

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR) and respect your privacy rights:

  • Right to Access: Request a copy of your personal data at any time
  • Right to Rectification: Correct any inaccurate personal data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your personal data

Data Retention

  • Active account data is retained for as long as your account is active
  • After account deletion, personal data is removed within 30 days
  • Backups are retained for 90 days for disaster recovery purposes only
  • Financial records are retained as required by law (typically 7 years)

AI & Data Processing

How We Use AI Responsibly

ResearchAI uses Anthropic's Claude AI to generate research reports. Here's how we protect your data:

  • No Training on Your Data: Your reports and inputs are never used to train AI models
  • Enterprise-Grade AI: We use Anthropic Claude with enterprise privacy commitments
  • Data Minimization: We only send necessary information to AI services
  • Secure Processing: All AI processing happens through encrypted connections
  • Transparency: All reports include methodology disclosure

Compliance & Certifications

Current Compliance

  • GDPR (EU)
  • CCPA (California)
  • PCI DSS (Payment processing)

In Progress

  • SOC 2 Type II (Q2 2024)
  • ISO 27001 (Q3 2024)
  • HIPAA Compliance (Enterprise)

Questions About Security?

Our security team is here to help answer any questions about our security practices.