Security

Owned by Meir Davis
Last updated: May 30, 2024
2 min read

Do not upload sensitive data to the demo environment agatsoftware.ai/demo

Security Features

  • Data encryption during transit and at rest

  • Auzre based SSO

  • Granular app management

  • IP Whitelisting

International security compliance certifications and regulations

  • SOC 2 - Third party audited

  • PCI Compliant

FAQ

Do you have security policies and procedures?

We have a comprehensive set of security policies modeled around the SOC2 framework.

We have policies that cover:

  • Security and Privacy Roles

  • Risk Management

  • Asset Management and Protection

  • Data Classification/Handling/Transmission

  • Data Recovery and Business Continuity

  • User Access Management

  • People and Training

  • Product Development and Change Management

  • Supplier Relationships

Do you conduct a risk assessment regularly?

We annually review our adherence to the above policies and we work with an independent auditing firm to ensure continuous compliance to the SOC2 standards.

Where is my data stored?

For SAAS customers, it is stored in the Azure/AWS region selected by the customer. For on prem customers all data is stored on prem.

How does my data flow through your system?

Business GPT ingests and uses customer data in slightly different ways depending on how the service is configured, but here’s a very high level explanation of how the system works

  • Registering for the service requires a user’s first name, last name and corporate e-mail address

  • Ingesting - users upload data or data is loaded from specified data sources and saved in the BGPT environment.

  • Querying - Users input queries and the queries together with relevant ingested data is sent to AGAT managed AI servers.

How do you ensure no other client sees my data?

Customer data is stored in single tenant datastores where requested or secure multitenant storage otherwise.

How do you ensure no unauthorized AGAT employees see my data?

AGAT maintains strict need-to-access policies for production data.

Do third parties have access to my data?

No third parties have access to your data by default, even our cloud hosting providers due to encryption procedures in place. Customers may opt-in to use third party AI providers in some circumstances, but this is optional.

Is your application penetration tested?

Yes, it is regularly tested by automated and manual testing.