# Security and Privacy

eesel AI takes security and privacy seriously. We're committed to protecting your data and meeting the compliance standards your organization requires.

Please review the resources below. If your questions aren't answered here, [contact us](https://docs.eesel.ai/support/contact).

## Resources

* [Privacy Policy and Terms](https://www.eesel.ai/privacy)
* [Trust Center](https://app.aus.vanta.com/eesel.ai/trust/5ncypy4hkv10s9yf7il8sp)

## Compliance

| Standard          | Status                          |
| ----------------- | ------------------------------- |
| **SOC 2 Type II** | In progress                     |
| **GDPR**          | Compliant                       |
| **CCPA**          | Compliant                       |
| **HIPAA**         | Not compliant — [see FAQ](#faq) |
| **BAA**           | Not compliant — [see FAQ](#faq) |

## Storing and processing data

Your knowledge sources are securely stored in a SOC 2 Type II certified vector database as embeddings (mathematical representations). These embeddings are what allow your agent to find relevant answers.

When a request is made, the agent uses embeddings to find related content and shares only specific relevant snippets with the AI model to generate a response.

* Your data is used **only** to train your agent and generate responses
* Your data is **never** used to train our underlying AI models
* Data is isolated per workspace — your content is never shared with other customers

## EU data residency

EU data residency is available upon request — your data will be hosted exclusively on EU servers. Our subprocessors (including OpenAI and Pinecone) are SOC 2 Type II certified for data security.

[Contact us](https://docs.eesel.ai/support/contact) if you want to be hosted on EU servers.

## Data retention

* Your data is retained as long as your account is active
* When you disconnect an integration or delete knowledge sources, the associated data is removed
* When you cancel your account, all data is deleted after a retention period
* Custom data retention options are available — [contact us](https://docs.eesel.ai/support/contact) with your specific requirements

## Encryption

* Data is encrypted in transit (TLS 1.2+)
* Data is encrypted at rest
* API tokens and credentials are stored using industry-standard secret management

## Access control

* Authentication via secure login (MFA available — [contact us](https://docs.eesel.ai/support/contact) to enable)
* Role-based access control for team members (see [Account Management](https://docs.eesel.ai/admin/account-management))
* API access is scoped per integration — we request only the permissions we need

## AI model security

* eesel AI uses leading AI models (OpenAI, Anthropic, Google) to power agents
* Your data is sent to these model providers only for inference (generating responses)
* No model provider stores or trains on your data
* The AI model is never given API tokens or direct access to your integrations — it only works with a copy of the data you explicitly share
* We maintain agreements with all AI model providers to ensure data protection

## FAQ

<details>

<summary>How does eesel handle prompt injection attacks?</summary>

The AI model is never given a token or API access to look at your data via tools or any other means, so prompt injection is not possible. Each agent has a separate copy of the data and can access nothing else — this copy is maintained programmatically.

</details>

<details>

<summary>How do we ensure only certain content is shared with the agent?</summary>

The AI model is never given a token or API access to your connected tools. It only works with a copy of the data you explicitly share with the agent, and that copy is maintained programmatically.

</details>

<details>

<summary>Is eesel AI HIPAA and BAA compliant?</summary>

No, eesel AI is not HIPAA or BAA compliant. However, we work with several healthcare companies. We recommend exploring custom data retention options with us — [contact us](https://docs.eesel.ai/support/contact) with your specific requirements.

</details>

<details>

<summary>Does eesel have indemnity insurance?</summary>

Yes. [Contact us](https://docs.eesel.ai/support/contact) for more details.

</details>

## Questions?

If you have security or compliance questions, or need to complete a security questionnaire:

* **Email:** <hi@eesel.app>
* **Support:** [Contact us](https://docs.eesel.ai/support/contact)

We're happy to work with your security team on assessments and provide any documentation you need.
