OBSERVE.AI TRUST & SECURITY
Observe.AI security, privacy and responsible AI
At Observe.AI, we are committed to earning the trust of our customers by delivering world-class technologies that exceed industry standards and by placing rigorous security, privacy, and AI protocols at the core of everything we do. We ensure our LLMs produce accurate, unbiased results that you and your customers can trust. We believe in transparency and collaboration to ensure our customers can use our technology with confidence.
Regulatory Compliance
Compliant and Certified
The industries we serve—including banking and financial services, insurance, and healthcare—are accountable for safeguarding customer data by complying with global regulatory standards. We share this commitment and uphold the same standard practices.
We believe that your security and privacy deserve more than just baseline compliance. That’s why we commit to achieving the industry’s most rigorous certifications. As part of the certification process, we regularly undergo comprehensive third-party audits that examine every measure of security and privacy, continually re-evaluating our policies, procedures, and technical implementations over extended periods.
Data Security
How we safeguard your data
Keeping your customers' sensitive information protected at all stages is our top priority. That’s why we integrate enterprise-grade security measures, including:
- Automatic and selective redaction of PII/PCI data from audio and transcripts
- Encryption of all data in transit (TLS 1.3) and at rest (AES-256-bit encryption)
- Continuous backups and customer-controlled data retention
- Restricted direct human access to data with access control and authentication methods, including least privilege, just-in-time access, IP whitelisting, single sign-on (SSO), and role-based access control (RBAC)
Software security process:
From pipeline to production
Our software development life cycle includes rigorous end-to-end security controls, including security project reviews, code reviews, vulnerability and penetration testing, and threat modeling/monitoring.
Our software development life cycle (SDLC)
- Access control measures to ensure only authorized users can access sensitive data
- Security project reviews, security code reviews, and threat modeling/monitoring
- Vulnerability assessments and penetration testing (VAPT)
- Continuous credential management using encrypted secrets and multi-factor authentication (MFA)
- Secure patch management with proactive vulnerability scanning and rapid patch deployment
Cloud & Infrastructure Security
Enterprise-grade cloud security
Observe.AI operates on AWS, leveraging its robust security and scalability features. Additional cloud infrastructure security measures include:
- Encryption of data at all stages, in transit (TLS v1.3 or SFTP) and at rest (AES w/256-bit keys)
- Segregation of non-production (CI/CD) environments from production environments to ensure data integrity
- Enforced strict data isolation and segregation with multi-tenant and single-tenant options
- Strategically located data centers in the US and UK (Ireland) ensure high availability and geographic redundancy for enhanced resilience
- Conducting ongoing vulnerability assessments, penetration testing, and security reviews
- Implementing SentinelOne Cloud Native and Singularity Cloud Workload Security to secure cloud infrastructure from external threats and misconfigurations
Privacy & Data Retention
Data privacy and retention
Dive deeper into our privacy policy
Regulatory Compliance
Our privacy policies comply with GDPR, CCPA, HIPAA, PCI, and other global data protection regulations to ensure you’re fully compliant.
Privacy Compliance
We automatically redact PII, HIPAA, and PCI data from call recordings and other text-based interactions when the data enters the Observe.AI platform. Sensitive information such as personal details, home and email addresses, and banking information is removed from call recordings and other text-based interactions before they are analyzed.
Business Compliance
Our customers have full authority over the management of their data and can customize their retention, export, and deletion preferences.
AI Security and Model Governance
AI security, reliability, and governance
Observe.AI proactively safeguards its AI models from algorithmic discrimination and threats like data poisoning and model manipulation.
Our AI governance framework includes the following:
- Use of clean and trusted data sources
- Robust validation and verification checks to detect and address anomalies
- Periodic audits and algorithm assessment
- Continuous automated monitoring and feedback loops to ensure model reliability and fairness
- Periodic re-training to mitigate bias and maintain accuracy
- Use of anonymized and masked data for model training