Compliance
Personal AI is fully compliant with GDPR and HIPAA, and holds certifications for SOC 2 and ISO 27001. It is securely hosted on Google Cloud, with data encrypted both at rest and in transit. To ensure a secure sign-in experience, Personal AI offers passwordless authentication supported by two-factor authentication (2FA).
Data Processing Agreement
We maintain full GDPR compliance through comprehensive data protection measures and privacy controls. For Enterprise customers, we offer a robust Data Processing Agreement (DPA) that outlines our commitment to data protection and details our data handling practices in accordance with GDPR requirements. To initiate the DPA signing process or discuss specific data protection needs, please reach out to your Personal AI point of contact, or send us an email at enterprise-support@personal.ai. They will guide you through the process and ensure all necessary documentation is properly executed.
Privacy Notice
How Personal AI collects, uses, and protects personal data.
Cookie Notice
Use of cookies and similar technologies on our platform.
Terms of Service
Rules and conditions for using Personal AI products and services.
Acceptable Use Policy
Permitted and prohibited behaviors when using our services.
Trust Center
Central resource for security, privacy, compliance, and transparency.
Subprocessors
Third-party vendors authorized to process data on our behalf.
Subprocessor Update
Notices about additions or changes to our subprocessors list.
Data Request
How users can access, correct, or delete their personal data.
Service Uptime
Availability and performance metrics for our systems.
Frequently Asked Questions
How do you protect our data during transmission?
We use secure data transmission protocols to encrypt all confidential and sensitive data when transmitted over public networks. Our SSL certificates ensure end-to-end encryption, and we maintain documented cryptography policies that govern all data transmission security measures.
What access controls do you have in place?
Our production systems can only be remotely accessed by authorized employees using multi-factor authentication (MFA). We maintain strict access control policies that document requirements for adding, modifying, and removing user access. All privileged access to critical systems like firewalls and encryption keys is restricted to authorized users with documented business need.
How do you monitor for security threats?
We use intrusion detection systems for continuous network monitoring and early detection of potential security breaches. We perform quarterly vulnerability scans on all external-facing systems, with critical and high vulnerabilities tracked to remediation. Our log management tools identify events that could impact our security objectives.
Do you have compliance certifications?
Yes, we maintain SOC 2 compliance and are working toward ISO 27001 certification. We undergo regular third-party security audits and assessments to ensure we meet industry standards for data protection and security controls.