AI Security
We use Anthropic's API — not the consumer Claude.ai product. That distinction matters for how your data is handled, retained, and protected.
Powered by Anthropic's SOC 2 Type II Certified API · Data never used to train AI models · 30-day retention max
How We Protect Your Data
We use Anthropic's API, which is independently SOC 2 Type II certified — covering Security, Availability, and Confidentiality trust service criteria. Your data is processed through the same infrastructure Anthropic's business customers use, not a consumer AI product.
Anthropic's API explicitly excludes customer data from model training by default. This is the opposite of consumer AI tools. Data you send through our agents cannot be used to improve or retrain any AI model.
Anthropic retains API prompts and responses for up to 30 days for trust and safety monitoring, then permanently deletes them. No business data persists beyond that window. Enterprise customers can eliminate storage entirely with Zero Data Retention.
Our agents do not write your data to any database. Your data lives only in the request/response cycle — processed, returned, discarded.
All data sent to the Anthropic API is encrypted in transit via TLS 1.2+ and at rest via AES-256. Every interaction between your browser and our agents uses HTTPS exclusively.
We send only what the agent needs to complete its task — no extras, no metadata, no behavioral tracking. Identifiable fields like company name are optional and can be omitted entirely without affecting output quality.
Data Transparency
What is sent to Anthropic's API
Business context
Company name and industry — both optional, used only to tailor the output
Task-relevant data
The structured input your agent needs — numbers, text, or file content you provide
Agent instructions
The analytical framework or workflow the agent follows
What is never sent
Employee names, SSNs, or personal identifiers
Bank account or routing numbers
Customer names or customer-level data
Tax IDs or legal entity identifiers
Data from other users or other sessions
Anything you did not explicitly provide
Data Retention
During processing
Seconds to minutes
Your data is processed in memory by the AI agent and the result is returned to your browser. Nothing is written to disk on our end.
Anthropic API retention
Up to 30 days
Anthropic retains API prompts and responses for trust and safety monitoring. This is Anthropic's standard API policy — separate from the consumer Claude.ai product.
After 30 days
Permanently deleted
Anthropic permanently deletes all retained API data. No business data persists beyond this window under any circumstance.
Enterprise: Zero Data Retention
Not stored at all
Enterprise customers can arrange Zero Data Retention (ZDR) with Anthropic. Prompts and responses are processed entirely in memory — nothing is written to disk at any point in the pipeline.
Enterprise & Compliance
For customers in regulated industries or with formal security review requirements, we can configure agents for Zero Data Retention, strip all optional identifiers so only task-relevant data is transmitted, or provide Anthropic's SOC 2 report for your vendor review process.
Note: Our agents are not currently HIPAA compliant — Anthropic does not offer a Business Associate Agreement (BAA) at this time. They are also not suitable for EU data residency requirements without confirming region availability directly with Anthropic.
