Security & Compliance
DocChat AI security architecture — SOC 2-aligned, HIPAA-ready, zero document retention
We take the security of your documents seriously. DocChat AI is built with a zero-retention architecture — documents are processed in-session only and never written to any persistent storage. Your data stays yours.
SOC 2 Compliance
Our architecture aligns with the SOC 2 (Type II) Trust Services Criteria for Security, Availability and Confidentiality. Enterprise customers can request our security documentation and an architecture review.
HIPAA Compliance
Business plan customers can process documents containing PHI under our HIPAA-ready configuration. Business Associate Agreements (BAAs) are available. No PHI is retained after session end. All API communications are TLS-encrypted.
Security summary
- Zero document retention — files deleted after session
- TLS encryption for all API communications
- SOC 2-aligned security controls
- HIPAA-ready (Business plan)
- BAAs available for healthcare organisations
- SSO via Google and Microsoft (Business plan)
- No third-party data sharing