neuordo
Security

Your compliance data stays yours

We handle sensitive regulatory documents every day. Security is not a feature — it is the foundation every other capability is built on.

Security by design

Core controls built into every layer of the platform.

Data encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys are managed per-tenant and rotated regularly.

Tenant isolation

Every organisation operates in a fully isolated data environment. Your documents, answers, and compliance data are never shared with or visible to other tenants.

Access control

Role-based access control (RBAC) at every layer. SSO via SAML 2.0 and OIDC, MFA enforcement, and fine-grained permissions for teams and documents.

Audit logging

Every action — document upload, answer generation, export, user login — is logged with a tamper-evident audit trail. Logs are retained for a minimum of 12 months.

Cloud infrastructure

Hosted on AWS in SOC 2-compliant regions. Infrastructure is managed with least-privilege IAM, private VPCs, and automated vulnerability scanning.

Backups & recovery

Automated daily backups with point-in-time recovery. RTO < 4 hours, RPO < 1 hour. Backup integrity is tested on a scheduled basis.

AI & data commitments

How we handle your data in the context of AI processing.

Your data is never used for model training

Documents, questionnaires, and answers you upload are used solely to serve your requests. They are never used to train, fine-tune, or improve any AI model — ours or a third party's.

No data shared with AI providers

Where we use third-party LLM APIs, we operate under zero-retention agreements. Prompts and completions are not logged or retained by the provider.

On-premises & private cloud available

Enterprise customers can deploy neuordo entirely within their own cloud environment or on-premises infrastructure, so data never leaves your perimeter.

Model outputs are traceable

Every AI-generated answer includes a source trace — showing which document or knowledge base entry it was drawn from, so you can verify and audit every output.

Compliance & certifications

Our current certification status.

SOC 2 Type II: In progress
ISO 27001: Planned
GDPR compliant: Live
CCPA compliant: Live

Responsible disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly before disclosing it publicly. We commit to acknowledging your report within 48 hours and resolving critical issues within 14 days.

[email protected]

Have more security questions?

Our team is happy to walk through our security posture, share documentation, or complete your vendor security assessment.