# Compliance

Personal AI is fully compliant with GDPR and HIPAA, and holds certifications for SOC 2 and ISO 27001. It is securely hosted on Google Cloud, with data encrypted both at rest and in transit. To ensure a secure sign-in experience, Personal AI offers passwordless authentication supported by two-factor authentication (2FA).

<CardGroup cols={1}>
  <Card title="Data Processing Agreement" icon="shield-check">
    We maintain full GDPR compliance through comprehensive data protection measures and privacy controls. For Enterprise customers, we offer a robust Data Processing Agreement (DPA) that outlines our commitment to data protection and details our data handling practices in accordance with GDPR requirements. To initiate the DPA signing process or discuss specific data protection needs, please reach out to your Personal AI point of contact, or send us an email at [enterprise-support@personal.ai](mailto:enterprise-support@personal.ai). They will guide you through the process and ensure all necessary documentation is properly executed.
  </Card>
</CardGroup>

<CardGroup cols={3}>
  <Card title="Privacy Notice" icon="shield-halved" href="https://www.personal.ai/privacy-notice">
    How Personal AI collects, uses, and protects personal data.
  </Card>

  <Card title="Cookie Notice" icon="cookie" href="https://www.personal.ai/cookie-notice">
    Use of cookies and similar technologies on our platform.
  </Card>

  <Card title="Terms of Service" icon="file" href="https://www.personal.ai/terms-of-service">
    Rules and conditions for using Personal AI products and services.
  </Card>
</CardGroup>

<CardGroup cols={3}>
  <Card title="Acceptable Use Policy" icon="building-shield" href="https://www.personal.ai/acceptable-use-policy">
    Permitted and prohibited behaviors when using our services.
  </Card>

  <Card title="Trust Center" icon="lock" href="https://trust.personal.ai/">
    Central resource for security, privacy, compliance, and transparency.
  </Card>

  <Card title="Subprocessors" icon="shield" href="https://trust.personal.ai/subprocessors">
    Third-party vendors authorized to process data on our behalf.
  </Card>
</CardGroup>

<CardGroup cols={3}>
  <Card title="Subprocessor update" icon="badge-check" href="https://www.personal.ai/sub-processor-updates">
    Notices about additions or changes to our subprocessors list.
  </Card>

  <Card title="Data Request" icon="database" href="https://personal.ai/request-data">
    How users can access, correct, or delete their personal data.
  </Card>

  <Card title="Service Uptime" icon="server" href="https://status.personal.ai/">
    Availability and performance metrics for our systems.
  </Card>
</CardGroup>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How do you protect our data during transmission?">
    We use secure data transmission protocols to encrypt all confidential and sensitive data when transmitted over public networks. Our SSL certificates ensure end-to-end encryption, and we maintain documented cryptography policies that govern all data transmission security measures.
  </Accordion>

  <Accordion title="What access controls do you have in place?">
    Our production systems can only be remotely accessed by authorized employees using multi-factor authentication (MFA). We maintain strict access control policies that document requirements for adding, modifying, and removing user access. All privileged access to critical systems like firewalls and encryption keys is restricted to authorized users with documented business need.
  </Accordion>

  <Accordion title="How do you monitor for security threats?">
    We use intrusion detection systems for continuous network monitoring and early detection of potential security breaches. We perform quarterly vulnerability scans on all external-facing systems, with critical and high vulnerabilities tracked to remediation. Our log management tools identify events that could impact our security objectives.
  </Accordion>

  <Accordion title="Do you have compliance certifications?">
    Yes, we maintain SOC 2 compliance and are working toward ISO 27001 certification. We undergo regular third-party security audits and assessments to ensure we meet industry standards for data protection and security controls.
  </Accordion>
</AccordionGroup>
