Security & Compliance

Customer truth is sensitive. We protect it with enterprise-grade security, strict compliance standards, and a zero-trust architecture.

Compliance & Certifications

Our founding team has deep information security experience. We are actively pursuing formal certification through Vanta and treat compliance as a first-class priority.

SOC 2

Type II: In Progress via Vanta

GDPR

In Progress via Vanta

CCPA

In Progress via Vanta

HIPAA

Safeguards in Place

ISO 27001

On Roadmap

How We Protect Your Data

Encryption Everywhere

All data is encrypted at rest and in transit using TLS 1.2 or higher. We do not store voice recordings, only transcripts and derived emotion/sentiment signals, under your retention controls. We enforce strict transport security protocols across all services.

Secure Cloud Infrastructure

Data is hosted on AWS (US-East) with SOC 2 certified infrastructure. Regular penetration testing and vulnerability assessments keep our systems hardened.

Data Anonymization by Default

Interview data is anonymized by default. We do not store personal identifiers from respondents unless explicitly configured by the client.

No Model Training on Your Data

Customer interview data is never used to train AI models. Your data remains confidential and is used solely for your research purposes.

Role-Based Access Control

Granular permissions, SSO integration, and audit logs ensure that only authorized personnel access your data. Full accountability at every level.

International Compliance

We support Standard Contractual Clauses for EU data transfers and are preparing for EU-U.S. Data Privacy Framework certification.

Your Data, Your Control

1. Data Processing Agreement

You are the Data Controller. ReadingMinds acts as the Data Processor. A DPA can be signed to formalize these roles.

2. Right to Deletion

In compliance with GDPR's “right to be forgotten,” we facilitate permanent data deletion upon request. Export your data first; deletion is irreversible.

3. Sensitive Data Handling

If sensitive information or PII is shared during an interview, the AI automatically moves to the next question and strips out such data.

Have security questions?

Our team is happy to walk through our security architecture, provide compliance documentation, or schedule a security review.
