Security & Privacy
Security Overview
Learn about GC AI security architecture and measures
Enterprise-Grade Security
Updated: May 29, 2025
GC AI implements comprehensive security measures to protect your data and maintain compliance with industry standards:
- End-to-end encryption using AES-256 at rest and TLS 1.2+ in transit
- Private database instances through Neon ensuring complete data isolation
- SOC-2 compliant vendors for all data processing and storage operations
- SOC-2 Type II certification (report available upon request with NDA)
- US-based infrastructure with all servers located exclusively in the United States
This security architecture matches the standards set by leading enterprise cloud providers like Google Cloud.
LLM Provider Security
GC AI partners with industry-leading LLM providers, each with strict data handling policies:
- OpenAI: Implements zero-data retention policy with no training on API data (source)
- Anthropic: Maintains zero-data retention agreement and no training on API data (source)
- Google: Provides dedicated Gemini API service with no training on customer data (source)
- Cohere: Opted out of training on customer data (source)
All our LLM providers are contractually bound to maintain data privacy and security standards that match or exceed industry requirements.