GoFactAI
Security

Your data is your data

Fact AI Lab is designed for regulated industries where data handling is non-negotiable. We process your LLM outputs to verify them — we do not store, train on, or share them.

Data residency

  • ·Your data never leaves your designated cloud region without explicit configuration
  • ·Audit logs written to your S3-compatible storage, not ours
  • ·No cross-customer data access — single-tenant log storage by default
  • ·Data processing region configurable: US, EU, CA

In-transit and at-rest

  • ·All API traffic encrypted in transit with TLS 1.3
  • ·Audit logs encrypted at rest with AES-256
  • ·Log entries are hash-chained: any tampering is detectable
  • ·Cryptographic signatures on each log entry using ECDSA-P256

Data retention

  • ·Raw prompts retained for 24 hours in our processing buffer, then purged
  • ·You control audit log retention — we do not impose a limit
  • ·Configurable retention policies for different workflow types
  • ·Deletion requests honored within 24 hours

Access controls

  • ·API key rotation available on-demand, no support ticket required
  • ·Webhook signature verification for all outbound events
  • ·IP allowlisting for API access
  • ·Detailed access logs available for your own SIEM

Certifications and compliance status

Fact AI Lab is a pre-Series A company. We do not yet hold SOC 2 Type II certification. We are designed with SOC 2 principles in mind and will pursue certification when our customer base requires it.

For security questions, contact: security@gofactai.com