Security and trust at Riskora AI

Riskora handles AI risk telemetry for regulated enterprises. Our security program is designed around segregated tenants, regional data residency, and evidence customers can hand directly to their auditors.

Request the trust pack Read our DPA

Certifications and frameworks

  • SOC 2 Type II audit in progress, Type I letter available on request.
  • ISO 27001 aligned controls with annual third-party penetration testing.
  • GDPR and HIPAA aware processing with regional data residency options.

Architecture

  • Segregated tenants per customer with row-level isolation enforced at the database.
  • Encryption at rest using AES-256 and TLS 1.2+ in transit.
  • Customer-managed keys available on the Enterprise plan.
  • Detailed audit logging for every administrative action.

Data handling

  • Customer telemetry stays in the tenant region you select, EU or US.
  • We do not train any model on customer data.
  • Sub-processor list maintained and updated with 30 days notice.

Frequently asked questions

Is Riskora SOC 2 compliant?

SOC 2 Type II audit is in progress with a Big Four firm. A Type I letter and the security whitepaper are available under NDA.

Where is customer data stored?

EU (Frankfurt) or US (Virginia) at tenant creation. Data does not leave the chosen region.

Do you support customer-managed keys?

Yes, on Enterprise. We integrate with AWS KMS and Azure Key Vault.