The order of access
The extraction pipeline
The automated pipeline reads the report to extract commitments, cadences, and
dependencies. The report is encrypted in transit and at rest.
A vetted assessor
A practitioner verifies the extracted output before delivery. Assessors work
under written confidentiality obligations and receive only the access needed for
the review.
The controls around it
- Mutual NDA before upload. The NDA is accepted before upload is enabled. You receive a copy by email with the acceptance timestamp. The text is public at soc2doc.ai/nda.
- Separate authorization log. Permission for machine and human analysis is recorded separately, with its own timestamp.
- Private storage. Reports are encrypted in transit and at rest; stored objects are private and are never rendered publicly.
- Deletion on request. You can request deletion at no cost. If you need guaranteed secure deletion immediately after delivery, with a signed certificate for your own vendor-risk records, that is the $99 option on the pricing page.
Free reviews may be retained and anonymized to improve the service, as stated in
the authorization you give at upload. Deletion remains available at no cost; the
$99 option adds a signed certificate.