Privacy Policy
How Data Is Used
Your project data will be securely stored in our database hosted by AWS. By default, no one outside of your organization will have access to your data.When working on experimental generation features, our research team will require access to data being used. Data will not be exposed outside of this team.
We do not train on user data. For more information about how our models interface with your data, see How SAFA Generates Documentation.
Data Purging
In the event that you are leaving our platform or request to do so, we can purge all of your stored data from our database, including any custom models we have built for you personally.
Security Compliance
We are currently in the process of getting the SOC II Type 2 Certification for our application.
While we do not yet have the certification, our entire system uses HTTPS for secure data transfer between our front-end web app, back-end server, and data generation server.
We have initial features around access control for data, allowing you to set who on a given project can edit or view its data. We will be building out more fine grained access control to match the functionality of the systems that we integrate with, such as specific provisions on what segments of data an individual can see and edit.
You can view our trust report and current progress on Vanta:SAFA Trust Report
Access Control
Access control is initially implemented as defining what users within an organization need access to view or edit data on a per-project basis.
We are currently implementing more fine grained access control permissions for all individuals within an organization, allowing specific control over what users have visibility and other access privileges on specific processes.
Single Sign On (SSO) and Multi-Factor Authentication (MFA) We do not currently have SSO or MFA implemented within our system, but do have plans to do so to have more secure control over what users have access to data within SAFA.Once implemented, MFA will be enabled for all users and will be updated regularly. In the event of a breach, MFA will be used to protect access to data.
Audit Logging
We do not currently support audit logging for monitoring activity within an organization. We do have general logs that are permanently stored if we need to retroactively review activity within an account.
In the future, we will construct and retain logs for each organization with the date, time, user, IP address, and type of each logged action.