Privacy & Security

Articles

• Where do production and backups reside?
• How long are outputs maintained?
• Do you support SAML in your product?
• Has AssemblyAI certified to the EU-U.S. Data Privacy Framework?
• How does AssemblyAI encrypt data at rest and in transit?
• Do you have SOC2 certification?
• Do you have documented information security policies? If so, how frequently are they updated?
• Where are your servers located?
• How are incidents escalated within your organization?
• Are you GDPR compliant?
• Does AssemblyAI have a documented process for reviewing and approving third-party service providers?
• Is multi-factor authentication enforced for all access to scoped systems and data?
• Do you offer servers in the EU?
• How long does AssemblyAI retain data in the Production Environment?
• Are files submitted to the API used for model training?
• Do you offer EU Data Residency?
• How to Access AssemblyAI's Security Reports
• What standards do your internal password policies follow?
• Does AssemblyAI use encryption?
• Does AssemblyAI utilize an anti-virus/anti-malware solution across all relevant infrastructure (workstations and servers), and are appropriate response capabilities deployed to respond to ale
• What are your recovery time and recovery point objectives?
• How do we securely use your service?
• Can I sign a DPA agreement with AssemblyAI?
• How do you protect production code?
• What logs are available to customers?
• How long does AssemblyAI maintain inputs?
• Will AssemblyAI sign a Business Associate Addendum (BAA) as described in the HIPAA rules and regulations?
• Can you provide a recent vulnerability scan?
• What TLS versions are supported?
• Do you have a formal risk assessment policy or process?
• Does AssemblyAI have an incident response plan?
• Can you provide a copy of your most recent penetration test executive summary?
• What is your SLA for repairing Critical/High/Medium vulnerabilities?