Security & Trust

Built for the enterprise. Trusted with its secrets.

Every architectural choice we made was designed to make Compiled the easiest security review you've ever passed.

Zero customer data held. Architecturally enforced, not policy-enforced.

Compliance posture.

Honest status, not aspirational checkboxes.

SOC 2 Type II

In progress · Q1 2026

Security, availability, and confidentiality controls under AICPA Trust Service Criteria.

ISO 27001

Roadmap · 2026

Information security management system certification.

ISO 42001

Roadmap · 2026

AI management system standard — responsible AI development.

GDPR / DPA

Compliant

Data Processing Agreements available. Sub-processor list published.

HIPAA BAA

Available

Business Associate Agreements available for healthcare customers.

Azure Marketplace

Available

Deploy directly from the Azure Marketplace into your tenant. No data leaves your environment.

The architecture is the proof.

Your data can't leave your environment because the scanner never talks to ours. The only thing that crosses the boundary is a 7KB math artifact — traveling inward.

COMPILED CLOUD

Policy (Plain English): "Block insider trading patterns"
Compiler: Embed · Train · Serialize
Output: 7KB float32 vector

DATA BOUNDARY — NOTHING CROSSES OUTBOUND

7KB antibody →

CUSTOMER ENVIRONMENT · ZERO EGRESS ZONE

Your Messages: Email · Chat · Agent
Embedding: Local model — no egress
Scanner: Matmul · <100ms · Reads antibody lib · local
Verdict + Audit Log: score · verdict · antibody_id
Stays in your environment forever
Compliant with SEC 17a-4, FINRA 3110

Federation (opt-in): DP centroids only · ε=1.0
NOT messages · NOT embeddings · NOT verdicts

Data practices.

Every question your InfoSec team will ask. Answered precisely.

Security controls.

Standard controls. Implemented without exception.

Encryption at rest

AES-256

Encryption in transit

TLS 1.3

Access control

Role-based (RBAC)

Authentication

MFA enforced

Secrets management

Azure Key Vault / AWS KMS

Vulnerability scanning

Weekly automated

Penetration testing

Annual third-party

Incident response SLA

24h notification

Responsible AI statement.

Compiled's AI systems generate synthetic training data and compile antibody vectors. We do not make autonomous decisions about individuals. All verdicts are scores — humans and your existing workflows determine consequences. We publish our privacy proofs and make our data architecture available for legal review on request.

Aligned with NIST AI RMF · ISO 42001 roadmap · EU AI Act Art. 52

Request security documentation.

Security questionnaires, DPAs, sub-processor lists, and architecture diagrams — delivered in one business day. No sales call required.

Typically delivered within one business day. No sales call required.