Security
Compliance
Engrami maintains compliance with major security frameworks and regulations to meet enterprise requirements.
Certifications & Standards
SOC 2 Type II
Annual audit of security, availability, processing integrity, confidentiality, and privacy controls.
ISO 27001
Information security management system certification covering policies, procedures, and controls.
GDPR
Full compliance with EU General Data Protection Regulation including DPA availability.
HIPAA
BAA available for healthcare customers handling protected health information.
GDPR Compliance
Data Subject Rights
- Right to Access - Export all personal data via API or dashboard
- Right to Rectification - Update or correct personal data
- Right to Erasure - Complete data deletion on request
- Right to Portability - Export data in machine-readable format
- Right to Restrict Processing - Pause data processing
Data Processing Agreement
Engrami provides a comprehensive DPA that covers:
- Sub-processor list and notifications
- Data transfer mechanisms (SCCs)
- Security measures and breach notification
- Audit rights and assistance obligations
Data Residency
Choose your data storage region:
Available Regions:
- US East (Virginia)
- US West (Oregon)
- EU (Frankfurt)
- EU (Ireland)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
# Data never leaves your selected region
HIPAA Compliance
For healthcare organizations handling PHI:
- Business Associate Agreement - BAA required before processing PHI
- Technical Safeguards - Encryption, access controls, audit logs
- Administrative Safeguards - Security policies, training, risk assessments
- Physical Safeguards - Data center security certifications
PHI Handling Configuration
{
  "hipaa_mode": {
    "enabled": true,
    "phi_detection": "strict",
    "audit_all_access": true,
    "encryption": "aes-256-gcm",
    "key_rotation": "90_days",
    "session_timeout": "15_minutes",
    "mfa_required": true
  }
}
SOC 2 Controls
Trust Service Criteria
- Security - Protection against unauthorized access
- Availability - System availability per SLAs
- Processing Integrity - Accurate and timely processing
- Confidentiality - Protection of confidential information
- Privacy - Collection and use of personal information
Key Controls
- Background checks for all employees
- Security awareness training
- Vulnerability scanning and penetration testing
- Incident response procedures
- Change management processes
- Vendor risk management
Audit Logging
Comprehensive audit logs for compliance reporting:
# Audit log entry example
{
  "timestamp": "2024-01-20T10:30:00Z",
  "event_type": "agent.message.created",
  "actor": {
    "user_id": "usr_abc123",
    "ip_address": "192.168.1.100",
    "user_agent": "Mozilla/5.0..."
  },
  "resource": {
    "type": "agent",
    "id": "agent_xyz789"
  },
  "action": "chat",
  "result": "success",
  "metadata": {
    "tokens_used": 245,
    "model": "gpt-4"
  }
}
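As an added example (not Engrami's own code or API), a small reviewer-side parser for an export of entries in the shape shown above: it rejects entries missing required fields instead of silently scoring them, and produces the per-period view a compliance reviewer would pull from such logs (non-success results, users seen from more than one source IP, token spend per model). The sample export is constructed, and whether the export endpoint returns a JSON array or newline-delimited JSON is an assumption, so the parser accepts both.

```python
import json
from collections import Counter, defaultdict

# Constructed sample export (not real Engrami data) in the documented entry shape.
# Array-vs-NDJSON export format is an assumption; parse_export() accepts either.
SAMPLE_EXPORT = "\n".join(json.dumps(e) for e in [
    {"timestamp": "2024-01-20T10:30:00Z", "event_type": "agent.message.created",
     "actor": {"user_id": "usr_abc123", "ip_address": "192.168.1.100", "user_agent": "Mozilla/5.0..."},
     "resource": {"type": "agent", "id": "agent_xyz789"}, "action": "chat",
     "result": "success", "metadata": {"tokens_used": 245, "model": "gpt-4"}},
    {"timestamp": "2024-01-20T11:02:00Z", "event_type": "agent.message.created",
     "actor": {"user_id": "usr_abc123", "ip_address": "203.0.113.7", "user_agent": "curl/8.4.0"},
     "resource": {"type": "agent", "id": "agent_xyz789"}, "action": "chat",
     "result": "denied", "metadata": {}},
    {"timestamp": "2024-01-20T11:05:00Z", "event_type": "agent.message.created",
     "actor": {"user_id": "usr_def456", "ip_address": "192.168.1.101", "user_agent": "Mozilla/5.0..."},
     "resource": {"type": "agent", "id": "agent_xyz789"}, "action": "chat",
     "result": "success", "metadata": {"tokens_used": 120, "model": "gpt-4"}},
    {"timestamp": "2024-01-20T11:09:00Z", "event_type": "agent.message.created",
     "actor": {"user_id": "usr_def456"}},  # truncated entry: must be surfaced, not scored
])

REQUIRED = ("timestamp", "event_type", "actor", "resource", "action", "result")


def parse_export(raw: str) -> tuple[list[dict], list[dict]]:
    """Return (valid_entries, rejected_entries). Accepts a JSON array or NDJSON."""
    text = raw.strip()
    if text.startswith("["):
        entries = json.loads(text)
    else:
        entries = [json.loads(line) for line in text.splitlines() if line.strip()]
    valid, rejected = [], []
    for e in entries:
        (valid if all(k in e for k in REQUIRED) else rejected).append(e)
    return valid, rejected


def summarize(entries: list[dict]) -> dict:
    """Review view: non-success results, users seen from >1 source IP, tokens per model."""
    failures = [e for e in entries if e["result"] != "success"]
    ips, tokens = defaultdict(set), Counter()
    for e in entries:
        ips[e["actor"]["user_id"]].add(e["actor"].get("ip_address", "unknown"))
        meta = e.get("metadata", {})
        if "tokens_used" in meta:  # entries without usage data do not add a zero bucket
            tokens[meta.get("model", "unknown")] += meta["tokens_used"]
    multi_ip = {u: sorted(a) for u, a in ips.items() if len(a) > 1}
    return {"failures": failures, "multi_ip_users": multi_ip, "tokens_by_model": dict(tokens)}


if __name__ == "__main__":
    ok, bad = parse_export(SAMPLE_EXPORT)
    print(f"{len(ok)} valid entries, {len(bad)} rejected")
    print(json.dumps(summarize(ok), indent=2))
```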
# Export logs
curl https://api.engrami.com/api/v1/audit-logs/export \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d "start_date=2024-01-01&end_date=2024-01-31&format=json"
Compliance Reports
Available upon request under NDA:
- SOC 2 Type II Report
- ISO 27001 Certificate
- Penetration Test Summary
- Security Whitepaper
- Data Processing Agreement (DPA)
- Business Associate Agreement (BAA)