Security you can take to diligence.
Encryption in transit and at rest. Your data is never used to train our models.
SOC 2 Type II Audit In Progress
Audit observation period began Q1 2026. Independent auditor: withheld until report is filed. Type II report available under MNDA on request - email security@goodstream.com.
We do not claim "SOC 2 compliant" or "certified" - we claim what is verifiable today. The audit covers our security, availability, and confidentiality controls and will conclude in Q3 2026.
Encryption Everywhere
TLS 1.3 in transit, AES-256 at rest.
- TLS 1.3 in transit
- AES-256 at rest
- Key rotation every 90 days
Role-based Access
Least-privilege permissions and multi-factor authentication.
- SSO integration
- MFA enforcement
- Granular permissions
Audit Logging
Immutable audit trails with real-time alerts.
- Immutable logs
- Real-time alerts
- 90-day retention
Your Data Stays Yours
Your data never trains our models.
- No model training
- Isolated processing
- Explainable outputs
Compliance Posture
SOC 2 Type II audit in progress. Working toward GDPR and CCPA alignment.
- SOC 2 Type II audit in progress
- Working toward GDPR alignment
- Working toward CCPA alignment
Infrastructure Security
Multi-region cloud infrastructure with DDoS protection.
- Multi-region
- DDoS protection
- Hardened cloud baseline
Compliance & Standards
We align with industry-leading security frameworks and undergo regular third-party assessments.
Your Data Stays Yours
We never train on your data and you control where it's processed.
No Model Training
We never train on, learn from, or retain your data. All processing happens in isolated, secure environments.
Explainable Outputs
Every extraction includes confidence scores and source attribution. Full transparency into how conclusions are reached.
Data Residency
Choose where your data is processed and stored. Full control over data location and movement with detailed audit trails.
Human Oversight
Critical decisions require human approval. Configurable confidence thresholds with human-in-the-loop workflows.
Data Processing Agreement
Need a Data Processing Agreement or have specific compliance requirements? We're here to help.
Security FAQs
Common questions about data security and compliance