Security & Compliance

Security is foundational to how we build and operate AI for enterprises. This page summarises the controls we use to protect your data and our approach to compliance.

Last updated: 23 June 2026

Data encryption

Data is encrypted in transit using TLS 1.2 or higher, and data at rest is encrypted using industry-standard algorithms. Secrets and credentials are stored in managed secret stores, never in source code.

Access controls

We follow the principle of least privilege. Access to customer data is restricted to the personnel who need it to deliver a service, is logged, and is reviewed periodically. Administrative access requires multi-factor authentication.

Infrastructure security

Our services run on reputable cloud and hosting providers with their own strong physical and network security. We use network isolation, hardened configurations, automated patching, and continuous monitoring to reduce risk.

Private LLM hosting & data isolation

For customers with strict data-residency or confidentiality requirements, our Private LLM Hosting keeps models and data within an isolated environment you control. By default, we do not use customer data to train models without explicit written approval.

Compliance posture

Gezora’s controls are designed to align with the SOC 2 Trust Services Criteria, and our data-handling processes are built to support GDPR and HIPAA requirements for customers who operate under them. Where a specific framework, certification status, or attestation report is required, we are happy to share current documentation under NDA — just ask.

Data processing & sub-processors

We offer a Data Processing Addendum (DPA) for customers who need one, and we maintain a current list of sub-processors available on request. See our Privacy Policy for how we handle personal data.

Vulnerability management & incident response

We monitor our systems, apply security updates promptly, and maintain an incident-response process. In the event of a security incident affecting your data, we will notify affected customers in line with our contractual and legal obligations.

Responsible disclosure

If you believe you have found a security vulnerability in any Gezora property, please email sales@gezora.ai with the details. We appreciate responsible disclosure and will work with you to investigate and resolve valid reports.

Contact

For security questions, documentation requests, or a DPA, contact sales@gezora.ai.

Gezora AI Assistant

24/7 available to solve your problems

Welcome to Gezora AI support. We can guide you through services, pricing, custom solutions, and getting started.