SOC 2 Type II

HIPAA Compliance

Infrastructure Overview

Security Controls

Zero Data Retention Policy

  • 48-hour automatic deletion policy for all customer data
  • Zero-retention agreements with OpenAI and Anthropic
  • Data never used for model training
  • Verified deletion process with audit trails

Processing Security

  • Self-hosted ML models and OCR processing
  • Isolated container environments
  • Zero-trust security model
  • End-to-end encryption
  • Real-time threat monitoring

Storage Security

  • AWS S3 with enterprise security
  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Granular bucket policies
  • Comprehensive audit logging

Data Lifecycle

1

Ingestion

Data is encrypted immediately upon upload using TLS 1.3

2

Processing

Processed in isolated containers with self-hosted ML models

3

Storage

Temporarily stored in encrypted S3 with strict access controls

4

Deletion

Automatic deletion after 48 hours with verification

For detailed implementation guidelines and security best practices, see our Authentication documentation.

Questions or security concerns? Email our security team at security@trypulse.ai.