Privacy & Security

Do you have SOC2 certification?

›

Where are your servers located?

›

Does AssemblyAI use encryption?

›

Does AssemblyAI have a documented process for reviewing and approving third-party service providers?

›

Does AssemblyAI utilize an anti-virus/anti-malware solution across all relevant infrastructure (workstations and servers), and are appropriate response capabilities deployed to respond to ale

›

What standards do your internal password policies follow?

›

Is multi-factor authentication enforced for all access to scoped systems and data?

›

Does AssemblyAI have an incident response plan?

›

How does AssemblyAI encrypt data at rest and in transit?

›

How long does AssemblyAI maintain inputs?

›

How long are outputs maintained?

›

What is your SLA for repairing Critical/High/Medium vulnerabilities?

›

Can you provide a recent vulnerability scan?

›

Where do production and backups reside?

›

Can you provide a copy of your most recent penetration test executive summary?

›

Do you support SAML in your product?

›

How do you protect production code?

›

How are incidents escalated within your organization?

›

Do you have documented information security policies? If so, how frequently are they updated?

›

Do you have a formal risk assessment policy or process?

›

What are your recovery time and recovery point objectives?

›

How do we securely use your service?

›

Are files submitted to the API used for model training?

›

Will AssemblyAI sign a Business Associate Addendum (BAA) as described in the HIPAA rules and regulations?

›

Are you GDPR compliant?

›

What logs are available to customers?

›

Do you offer servers in the EU?

›

What TLS versions are supported?

›

How to Access AssemblyAI's Security Reports

›

Do you offer EU Data Residency?

›

How long does AssemblyAI retain data in the Production Environment?

›

Can I sign a DPA agreement with AssemblyAI?

›

Has AssemblyAI certified to the EU-U.S. Data Privacy Framework?

›