Trust

The trust profile.

Where Privilege AI stands today: what is in production, what is in progress, and what we do not claim yet. Everything in the first list is verifiable in the product.

Certifications

SOC 2 Type II

Independently audited. The report is available under NDA on request.

ISO 27001

Certified. The certificate is available under NDA on request.

In production today

Tenant isolation

Every query is tenant-scoped and access is gated by matter membership. Postgres row-level security is enabled as defense in depth for non-owner database roles.

Encrypted key storage

Provider API keys are stored AES-256-GCM encrypted. Per-matter data keys are wrapped by a master key (libsodium).

Hash-chained audit ledger

Every event — message, edit, view, export — is SHA-256 chained to the previous. A verifier runs on read; if the chain ever breaks, a non-dismissible banner shows until it is reconciled.

No-training model routes

Sessions route to OpenAI and Anthropic no-train endpoints, and we do not train models on customer matter content.

Retention and legal hold

Per-matter retention windows. Legal hold suspends deletion, and deletion is name-typed with a 30-day restore window.

Controlled operator access

Operator break-glass access requires two approvers, and every access lands as a full record on the matter audit chain.

In progress

Terms, privacy policy, and DPA

Being finalized with counsel; the current drafts are available on request. See terms, privacy, and DPA.

On the roadmap

Customer-managed keys

Bring-your-own KMS is planned. Today, key storage works as described above.

What we do not claim

We do not claim HIPAA readiness or GDPR certification. When a program is audited or certified, it moves up this page.

For security questions, or current program status, contact counsel@onprivilege.com. The architecture brief covers how the record is produced end to end.