Security, Privacy and Compliance at Symbl.ai

Empowering customers to build highly secure and scalable systems that operates on conversation data.

Compliance

SOC2 Type II

Symbl has completed a full third-party SOC 2 Type II audit – an independent auditor has evaluated our product, infrastructure, and policies, and certifies that Symbl complies with their stringent requirements for the certification.

HIPPA BAA

Symbl.ai offers HIPAA BAA agreements to companies in the healthcare industry that must comply with HIPAA regulations for safeguarding patient privacy and sensitive health information. We also sign Business Associate Contracts as required.

PCI Compliant

Symbl.ai is compliant with the Payment Card Industry (PCI) Data Security Standard (DSS) that requires strict security controls and processes for transacting customer payment card data.

GDPR Compliant

Symbl.ai complies with the General Data Protection Regulation (GDPR). All new vendors, assets and activities pertaining to processing personal data are subject to a review of privacy, security and compliance.

We follow relevant processes for transfers of personal data outside the European Union / UK. We also help our customers provide GDPR compliant solutions to their end-users and customers.

CSA CAIQ

Symbl.ai completed the security assessment with the The Consensus Assessments Initiative Questionnaire (CAIQ). CAIQ is provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess information security capabilities of cloud providers.

Symbl complies with the secure cloud computing best practices and follows the standard security controls that exist in cloud services, such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) offerings.

Security Program Overview

Data Security
Symbl.ai is certified under SOC 2 Type II, secures data between customer applications, supports TLS 1.2 encryption. All connections are secured using 2048 bit AES encryption. Over the wire, data is encrypted using RSA 2048 bit keys. At rest, data is encrypted using AES-256. We maintain strict governance and protection standards to ensure data is appropriately stored, processed, and handled by our people, systems and technology.

Read our Privacy Policy

Product Security
Symbl.ai developer process ensures our products, services, and APIs are secure by design, in development, and after deployment. We ensure a stable and secure production environment for all our customers through our software delivery and change management model.
Risk Management
Symbl.ai implements a framework for risk management that is flexible and scalable for ongoing identification, assessment, treatment, and reporting of security risks. Symbl.ai uses identity and access management controls and offers added security for retention, isolation and uptime to keep your accounts safe.