Security Features and FAQ for SAAS
Do not upload sensitive data to the demo environment agatsoftware.ai/demo
- 1 Security Features
- 2 FAQ
- 2.1 Do you have security policies and procedures?
- 2.2 Do you conduct a risk assessment regularly?
- 2.3 How do you ensure no other client sees my data?
- 2.4 What access does AGAT have to customer data?
- 2.5 How do you ensure no unauthorized AGAT employees see my data?
- 2.6 Do third parties have access to my data?
- 2.7 Is your application penetration tested?
Security Features
Data encryption during transit and at rest
Azure-based SSO
Granular app management
IP Whitelisting
International security compliance certifications and regulations
SOC 2 - Third party audited
PCI Compliant
FAQ
Do you have security policies and procedures?
We have a comprehensive set of security policies modeled around the SOC2 framework.
We have policies that cover:
- Security and Privacy Roles
- Risk Management
- Asset Management and Protection
- Data Classification/Handling/Transmission
- Data Recovery and Business Continuity
- User Access Management
- People and Training
- Product Development and Change Management
- Supplier Relationships
Do you conduct a risk assessment regularly?
We annually review our adherence to the above policies, and we work with an independent auditing firm to ensure continuous compliance with the SOC2 standards.
Where is my data stored?
For SAAS customers, it is stored in the Azure/AWS region selected by the customer. For on-prem customers, all data is stored on-prem.
How does my data flow through your system?
Business GPT ingests and uses customer data in slightly different ways depending on how the service is configured, but here is a very high-level explanation of how the system works:
- Registering - the service requires a user's first name, last name and corporate e-mail address.
- Ingesting - users upload data, or data is loaded from specified data sources, and it is saved in the BGPT environment.
- Querying - users input queries, and the queries together with relevant ingested data are sent to AGAT managed AI servers.
How do you ensure no other client sees my data?
Customer data is stored in single-tenant datastores where requested, or in secure multitenant storage otherwise.
What access does AGAT have to customer data?
Files ingested from customer sources are not stored. Text is extracted and stored for the purpose of answering user questions.
Files uploaded directly are stored and processed.
In accordance with SOC 2 standards, production data is protected as follows:
- Support staff don't have application-level access to customer data
- Dev-ops personnel have strict role-based access
- Auditing of access to customer data is available upon request
Customers deploying to their own cloud or on-prem with our assistance benefit from total control of their data, choosing when to permit AGAT to access their system.
How do you ensure no unauthorized AGAT employees see my data?
AGAT maintains strict need-to-access policies for production data.
Do third parties have access to my data?
No third parties have access to your data by default, not even our cloud hosting providers, due to the encryption procedures in place. Customers may opt in to use third-party AI providers in some circumstances, but this is optional.
Is your application penetration tested?
Yes, it is regularly tested by automated and manual testing.