Our Approach

At Wolfia, security and compliance are foundational to our platform. Handling sensitive business knowledge requires us to integrate security into every layer of our infrastructure and processes. We are actively pursuing SOC 2 Type 2 certification with Oneleet, which includes rigorous penetration testing of our production environment to ensure the highest standards of protection.

Data Protection

We prioritize the confidentiality and integrity of your business data through comprehensive protection measures:

Zero Data Retention Agreements

We uphold a strict zero data retention policy. Your data is never stored beyond what is necessary to deliver our services, and we do not engage in data retention agreements unless explicitly requested by you. This ensures that your information remains under your control at all times.

No Training on Your Data

Your data remains exclusively yours. We never use customer data or content to train our models, and neither do our foundational model providers. The only exception is if you explicitly request a custom-trained model for your exclusive use.

Data Privacy

All customer data is processed and stored in the United States by default. We adhere to the highest applicable privacy standards across all data classes and enforce strict data access controls. Your sensitive information remains protected while accessible to your team as needed.

Encryption & Security

We implement robust encryption and security measures by default:

  • Data at Rest: Encrypted using AES-256
  • Data in Transit: Secured with HTTPS/TLS 1.3+
  • Database Connections: Verified using TLS certificates
  • Network Security: Enhanced through network segmentation and strategic firewall deployment

Infrastructure Security

Our cloud-native infrastructure is engineered for enterprise-grade security:

Access Controls

  • Multi-Factor Authentication (MFA): Required for all system access
  • Role-Based Access Control (RBAC): Ensures appropriate access levels
  • Regular Access Reviews: Periodic audits of access privileges
  • Centralized Identity Management: Streamlined and secure user authentication

Monitoring & Protection

  • Intrusion Detection: Host and network-based systems in place
  • Security Logging & Monitoring: Centralized for real-time threat detection
  • Vulnerability Management: Regular scanning and patching of systems
  • Web Application Firewall (WAF): Protects against common web threats

Secure Development

  • Training: Engineers are educated on secure development practices
  • Code Reviews: Mandatory for all code changes
  • Security Testing: Both static and dynamic analyses are conducted
  • Dependency Management: Centralized to ensure safe software components
  • Continuous Assessments: Ongoing security evaluations and penetration testing

Compliance & Certifications

We are dedicated to upholding the highest security standards:

  • SOC 2 Type 2 Certification: In progress with Oneleet
  • Penetration Testing: Comprehensive evaluations of our production environment
  • Third-Party Assessments: Regular security reviews by independent experts
  • Continuous Monitoring: Ensuring ongoing compliance with industry standards

Incident Response

Our robust incident response framework ensures swift and effective handling of security events:

  • Response Playbooks: Documented procedures for various incident scenarios
  • Annual Testing: Regular drills and updates to response strategies
  • Rapid Notifications: Timely alerts to stakeholders in the event of incidents
  • Clear Escalation Paths: Defined channels for escalating critical issues

Sub-processor Security

We meticulously vet and monitor our sub-processors to maintain data security:

  • Data Processing Location: All processing occurs within the United States
  • Zero Data Retention Agreements: Sub-processors do not retain your data
  • No Human Review: Customer data is not subject to human inspection
  • Regular Security Reviews: Continuous evaluation of all service providers

Enterprise Ready

Our security program is tailored to meet the most demanding enterprise requirements:

  • Zero Data Retention by Default: Ensuring your data remains transient unless specified otherwise
  • Customizable Data Retention Policies: Flexible options to meet your specific needs
  • Flexible Authentication Options: Supporting various secure access methods
  • Enterprise-Grade SLAs: Guaranteed performance and security standards

For detailed security information or to request our security documentation, please contact security@wolfia.com.