We use cookies to improve your experience

    We use cookies for analytics and to improve site functionality. View our Privacy Policy.

    Security you can take to diligence.

    Encryption in transit and at rest. Your data is never used to train our models.

    SOC 2 Type II Audit In Progress

    Audit observation period began Q1 2026. Independent auditor: withheld until report is filed. Type II report available under MNDA on request - email security@goodstream.com.

    We do not claim "SOC 2 compliant" or "certified" - we claim what is verifiable today. The audit covers our security, availability, and confidentiality controls and will conclude in Q3 2026.

    Encryption Everywhere

    TLS 1.3 in transit, AES-256 at rest.

    • TLS 1.3 in transit
    • AES-256 at rest
    • Key rotation every 90 days

    Role-based Access

    Least-privilege permissions and multi-factor authentication.

    • SSO integration
    • MFA enforcement
    • Granular permissions

    Audit Logging

    Immutable audit trails with real-time alerts.

    • Immutable logs
    • Real-time alerts
    • 90-day retention

    Your Data Stays Yours

    Your data never trains our models.

    • No model training
    • Isolated processing
    • Explainable outputs

    Compliance Posture

    SOC 2 Type II audit in progress. Working toward GDPR and CCPA alignment.

    • SOC 2 Type II audit in progress
    • Working toward GDPR alignment
    • Working toward CCPA alignment

    Infrastructure Security

    Multi-region cloud infrastructure with DDoS protection.

    • Multi-region
    • DDoS protection
    • Hardened cloud baseline

    Compliance & Standards

    We align with industry-leading security frameworks and undergo regular third-party assessments.

    OWASP Top 10
    Implemented
    NIST CSF
    Aligned

    Your Data Stays Yours

    We never train on your data and you control where it's processed.

    No Model Training

    We never train on, learn from, or retain your data. All processing happens in isolated, secure environments.

    Explainable Outputs

    Every extraction includes confidence scores and source attribution. Full transparency into how conclusions are reached.

    Data Residency

    Choose where your data is processed and stored. Full control over data location and movement with detailed audit trails.

    Human Oversight

    Critical decisions require human approval. Configurable confidence thresholds with human-in-the-loop workflows.

    Data Processing Agreement

    Need a Data Processing Agreement or have specific compliance requirements? We're here to help.

    Security FAQs

    Common questions about data security and compliance

    How is my data encrypted?
    All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Encryption keys are managed through industry-standard key management services with regular rotation.
    Is my data used to train AI models?
    No, never. Your data is strictly isolated and used only for your firm's operations. We do not use client data to train our AI models or share any information between clients. Your proprietary data remains completely confidential.
    What access controls does GoodStream provide?
    GoodStream offers role-based access controls (RBAC), single sign-on (SSO), multi-factor authentication (MFA), and granular permissions. You control exactly who can see what data, with complete audit trails of all access and changes.