Your compliance data deserves the highest level of protection. Here's how we keep it safe.
All data is encrypted using AES-256 encryption at rest. Your compliance data, bias reports, and documentation are protected with industry-standard encryption.
All connections use TLS 1.3. We enforce HTTPS for all API endpoints and web traffic with HSTS enabled.
All data is stored in EU data centers (Frankfurt). We never transfer data outside the EU without explicit consent.
We are working towards SOC 2 Type II certification. Our security controls are designed to meet the Trust Services Criteria.
Role-based access control (RBAC) ensures team members only access what they need. All access is logged and auditable.
Immutable audit logs track all actions. Logs are retained for 7 years to meet regulatory requirements.
We do not use your data to train AI models. Your data is yours, and we only process it to provide the service.
Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate availability zone.
Compliant
In Progress
Planned 2026
Available on Enterprise
A compliance tool should survive its own audit. See our EU AI Act self-scan, voluntary FRIA, and category-by-category Annex III self-assessment — generated with our own product, published in full.
See the results →We use industry-leading cloud providers with SOC 2, ISO 27001, and GDPR compliance. All infrastructure is deployed in the EU (Frankfurt region).
DDoS protection, Web Application Firewall (WAF), and intrusion detection systems protect against attacks. All traffic is monitored 24/7.
We conduct regular penetration tests with third-party security firms. Vulnerabilities are addressed according to their severity within defined SLAs.
We take security seriously. If you discover a security vulnerability, please report it responsibly:
Email: security@guardia-ai.com
Please include a detailed description of the vulnerability and steps to reproduce. We aim to respond within 24 hours and will keep you updated on our progress.
We're happy to discuss our security practices in detail.