The trust profile.
Where Privilege AI stands today: what is in production, what is in progress, and what we do not claim yet. Everything in the first list is verifiable in the product.
Certifications
SOC 2 Type II
Independently audited. The report is available under NDA on request.
ISO 27001
Certified. The certificate is available under NDA on request.
In production today
Tenant isolation
Every query is tenant-scoped and access is gated by matter membership. Postgres row-level security is enabled as defense in depth for non-owner database roles.
Encrypted key storage
Provider API keys are stored AES-256-GCM encrypted. Per-matter data keys are wrapped by a master key (libsodium).
Hash-chained audit ledger
Every event — message, edit, view, export — is SHA-256 chained to the previous. A verifier runs on read; if the chain ever breaks, a non-dismissible banner shows until it is reconciled.
No-training model routes
Sessions route to OpenAI and Anthropic no-train endpoints, and we do not train models on customer matter content.
Retention and legal hold
Per-matter retention windows. Legal hold suspends deletion, and deletion is name-typed with a 30-day restore window.
Controlled operator access
Operator break-glass access requires two approvers, and every access lands as a full record on the matter audit chain.
In progress
On the roadmap
Customer-managed keys
Bring-your-own KMS is planned. Today, key storage works as described above.
What we do not claim
We do not claim HIPAA readiness or GDPR certification. When a program is audited or certified, it moves up this page.
For security questions, or current program status, contact counsel@onprivilege.com. The architecture brief covers how the record is produced end to end.