Securing Trust: CustomGPT.ai’s Path to SOC 2 Type 2 Certification

We are thrilled to announce that CustomGPT.ai has achieved SOC 2 Type 2 certification, a significant milestone in our commitment to data security.

Why Data Security Matters To Our Customers

When dealing with proprietary information, data security is a fundamental component of trust. Our customers’ need for confidentiality and privacy for uploaded data highlights the critical importance of secure data management practices.

Whether it involves uploading a CSV file, processing sensitive employee handbooks, ensuring that data is never used for training public AI models or managing how long data is retained, our customers expect us to approach each aspect of data handling with the highest security standards.

SOC 2 certification underlines our commitment to them, and builds on robust measures we already have in place, such as immediate file deletions and comprehensive Data Processing Agreements.

What is SOC 2 Type 2?

SOC 2, or System and Organization Controls 2, is a comprehensive evaluation designed to ensure a company’s systems manage and protect data according to established standards. While SOC 2 Type 1 performs this evaluation at a specific point in time, SOC 2 Type 2 ensures a continual audit of the company.

SOC 2 focuses on five crucial trust principles, each serving as a pillar to safeguard sensitive information and ensure operational excellence:

1. Security: Protecting information and systems from unauthorized access, theft, or damage.

2. Availability: Not solely focused on uptime and availability of services for operation, but also on the resilience of operations.

3. Processing Integrity: Confirming that system processing is complete, accurate, timely, and authorized.

4. Confidentiality: Ensuring that data is shared or disclosed only to authorized parties.

5. Privacy: Making sure that collection, use, retention, disclosure, and disposal of personal information are in conformity with the company’s privacy policy and any applicable privacy regulations.

Why We Pursued SOC 2 Type 2

Our decision was strategic, driven by our commitment to our customers and partners. Here’s why this was important for us:

Trust and Confidence: In today’s environment, where data breaches and cyber threats have become common, ensuring the security of sensitive information is essential for businesses. We sought SOC 2 Type 2 certification to provide our customers with the highest level of confidence in our ability to protect their data.

Competitive Edge: Demand for chatbots that are capable of securely handling private business data is growing every day, and so is the number of companies building them. Achieving this certification sets us apart, and signals to both current and prospective clients that we prioritize their security and are dedicated to upholding the highest standards of data protection.

Enterprise Readiness: With an ever-growing number of our customers being large organizations with strict data security requirements, we have recognized the necessity to meet their needs and ensure the best possible practices to keep their proprietary information secure.

Operational Excellence: The rigorous process of obtaining this certification has significantly strengthened our internal processes. It has made our operations more efficient and resilient, embedding a culture of continuous improvement and diligent oversight.

Regulatory Compliance: Many of our clients operate in industries that are bound by strict regulatory requirements regarding data security and privacy. By achieving this certification, we not only meet but exceed these security standards, easing our customers’ compliance burden.

Customer Testimonial

There’s no better way to highlight the impact of SOC 2 Type 2 certification than hearing from our customer Paul C Dwyer, President of the ICTTF International Cyber Threat Task Force, who holds data security high on their list of priorities.

“The achievement of SOC 2 Type 2 certification by CustomGPT.ai underscores their commitment to maintaining the highest standards of data security and operational excellence. For SaaS providers, SOC 2 Type 2 certification is crucial as it demonstrates a rigorous adherence to security, availability, processing integrity, confidentiality, and privacy controls. This not only reinforces trust but also ensures compliance with industry best practices, making CustomGPT.ai a reliable and trusted supplier to esteemed organizations like ICTTF.”

Detailed Overview of Our Security Practices

Encryption Standards: We use SSL encryption to secure data during transit and apply industry-standard 256-bit AES encryption to safeguard data at rest.

No Data Sharing: Our architecture is designed to prevent data sharing between bots, even within the same account. Each bot operates in a fully self-contained environment, ensuring that data used for one is completely isolated from others.

Privacy First Approach: We prioritize your privacy by not storing your files unless explicitly requested for functionality – such as needing to reference them in bot responses. By default, each chatbot is set to private mode, meaning only authorized users can interact with it.

Data Protection: Our data handling protocols ensure that data and logs are untraceable back to any individual user, enhancing privacy and compliance with global data protection regulations.

Secure Vendors: We utilize only secure, vetted vendors such as AWS for cloud services and Stripe for payment processing, following the best practices to ensure that every component of our service meets high security standards.

If you want to learn more about our security and privacy principles, check our Security page, Trust Center or contact sales, as we remain dedicated to continuously improving our practices to ensure that your data is not just secure today, but remains secure in the future!

Frequently Asked Questions

What is SOC 2 Type 2 certification?

SOC 2 Type 2 certification is an audit that evaluates an organization’s information security measures over time, ensuring they meet the American Institute of Certified Public Accountants (AICPA) standards for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Why is SOC 2 Type 2 certification important for CustomGPT.ai?

For CustomGPT.ai, achieving this certification is crucial as it demonstrates our commitment to data security and builds trust with customers, proving that our systems and controls are designed to safeguard their data continuously and effectively.

How does SOC 2 Type 2 certification differ from SOC 2 Type 1?

The key difference between SOC 2 Type 1 and Type 2 certifications lies in the duration and scope of the audit. SOC 2 Type 1 certification assesses the suitability of the design of an organization’s controls at a specific point in time. In contrast, SOC 2 Type 2 examines the operational effectiveness of these controls over a defined period.

How often does CustomGPT.ai undergo SOC 2 Type 2 audits?

CustomGPT.ai undergoes SOC 2 Type 2 audits annually to ensure continuous adherence to the stringent requirements set forth for security and data management. It is possible, however, to conduct these audits every six months if required by a customer.

How does achieving SOC 2 Type 2 certification improve the security of my data with CustomGPT.ai?

Achieving SOC 2 Type 2 certification means that CustomGPT.ai adheres to industry-recognized best practices for data security. This certification ensures that comprehensive security measures are in place and effectively managed to protect your data against unauthorized access, breaches, and other security threats.

What does SOC 2 Type 2 compliance mean for data confidentiality and privacy at CustomGPT.ai?

SOC 2 Type 2 compliance signifies that CustomGPT.ai follows best practices for ensuring data confidentiality and privacy. This means that all measures – from encryption and access controls to privacy policies – are regularly reviewed and verified by third-party auditors to ensure they effectively protect customer data and uphold privacy standards.

How can clients verify that CustomGPT.ai maintains SOC 2 Type 2 compliance?

Clients can verify CustomGPT.ai’s ongoing compliance with SOC 2 Type 2 by visiting our Trust Center at Sprinto. This platform provides transparency about our security practices and compliance status, offering clients and partners reassurance about the reliability and safety of our services.

Does CustomGPT.ai guarantee the confidentiality of my proprietary information?

Absolutely. CustomGPT.ai is built on strong privacy principles, ensuring that any information uploaded to a bot remains within that bot’s environment, not shared with other bots, even those in the same account. Please visit our security principles at https://customgpt.ai/security/

It’s important to note that your data will not be incorporated into OpenAI training sets. For more details, please see their announcement and data usage policy: https://openai.com/policies/api-data-usage-policies

How does CustomGPT.ai handle data privacy? Is our business data safe?

CustomGPT.ai prioritizes data privacy. We ensure that your business data stays safe by storing it in isolated environments per bot and not using it for any other purposes, including model training. You can find more about our data privacy policies at https://customgpt.ai/security/

Does CustomGPT.ai have a Data Processing Agreement (DPA), and what data is automatically collected from the user?

Yes, CustomGPT.ai operates under a DPA. As for data collection, CustomGPT.ai collects minimal user data required for service operation and improvement, in compliance with privacy laws and regulations. Detailed information can be found in our privacy policy: https://www.iubenda.com/privacy-policy/45263214

How can we be assured our business data will be protected and there are no data breaches?

We take data protection seriously at CustomGPT.ai. Our security measures include strong encryption, access controls, and a robust system architecture designed to prevent unauthorized access or data breaches. For an in-depth understanding of how we ensure data protection, please refer to our security principles at https://customgpt.ai/security/. We are committed to regularly updating and improving our security practices to protect your business data effectively.

Is my business data used to train the ChatGPT model?

No, your business data is not used to train the ChatGPT model. The information you provide when interacting with CustomGPT.ai stays strictly within your specific bot instance and is not incorporated into any OpenAI model training. See OpenAI’s data usage policy: https://openai.com/policies/api-data-usage-policies

Does CustomGPT support the GDPR?

CustomGPT supports the GDPR by having policies in place that protect your privacy and data rights.

How does CustomGPT.ai comply with the GDPR?

CustomGPT complies with the GDPR by getting user consent for data collection, protecting user data, allowing users to access or delete their data, notifying users of data breaches, and ensuring third-party vendors also follow GDPR rules.

Can I get a DPA?

Customers on our Enterprise plan may complete our DPA Form to execute our Data Privacy Addendum. This agreement is only available for Enterprise customers. Non-enterprise customers are unable to enter into a DPA with CustomGPT.ai. Additionally, CustomGPT.ai cannot customize DPAs for individual cases.

Can I request to download or delete my data?

Complete our Privacy Request Form to request to download or delete all of your data.

How long does CustomGPT.ai retain my data?

CustomGPT keeps your data until you decide what to do with it. You can use CustomGPT.ai’s capabilities to delete your documents immediately after processing. If you choose to keep the documents to benefit from features like citations and links, they’ll stay with CustomGPT.ai until you choose to remove them.

How does CustomGPT.ai handle breach management?

If you believe there’s a security issue or that someone might have gotten unauthorized access to data on CustomGPT.ai, send us an email at ops@customgpt.ai. Don’t worry, we won’t share your email with others. We promise to take your concern seriously and will thoroughly investigate the matter.
