Enterprise Security & Compliance — SOC 2, ISO 27001, HIPAA, GDPR

isLucid meets the strictest security requirements. SOC 2 Type II, ISO 27001 certified, HIPAA BAA available, GDPR compliant. On-premise option for total data control.

How It Works

Step 1: Security assessment

Our team works with yours to assess security requirements and compliance needs.

Step 2: Architecture review

Choose cloud or on-premise deployment. Review data flow, encryption, and access controls.

Step 3: Compliance documentation

Receive SOC 2 reports, BAAs, DPAs, and custom security questionnaire responses.

Step 4: Secure deployment

Deploy with your security team's approval. Ongoing monitoring and annual assessments.

Benefits

SOC 2 Type II Certified

Annual independent audit verifying security controls for data protection, availability, and confidentiality.

ISO 27001 Certified

International standard for information security management. Certified by accredited auditors.

HIPAA BAA Available

Business Associate Agreement available for healthcare organizations handling protected health information.

GDPR/CCPA Compliant

Full compliance with EU GDPR and California CCPA. Data processing agreements, right to deletion, and data portability.

Technical Specifications

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Role-based access control (RBAC)
  • Audit logging with 7-year retention
  • PII redaction in transcripts (configurable)
  • Data residency options (EU, US, custom)
  • Annual penetration testing by a third party
  • SOC 2 Type II report available on request

Frequently Asked Questions

Is isLucid HIPAA compliant?

Yes. isLucid offers HIPAA Business Associate Agreements (BAA) for healthcare organizations. Our platform includes PHI safeguards, access controls, audit logging, and breach notification procedures. Our on-premise Agent Box option provides additional assurance by keeping all data within your network.

Where is my data stored?

Cloud deployment data is stored in SOC 2 certified data centers. You choose your data region (US, EU, or custom). For complete control, our on-premise Agent Box keeps all data within your data center. We never share or sell customer data.

Can I get a SOC 2 report?

Yes. Our SOC 2 Type II report is available under NDA. Contact our security team at [email protected] or request through your sales representative.

How does isLucid handle PII?

PII can be automatically redacted from transcripts and logs (configurable per your requirements). Access to PII is controlled via RBAC. All PII is encrypted at rest (AES-256) and in transit (TLS 1.3). Data retention periods are configurable.

What about GDPR right to deletion?

isLucid fully supports GDPR data subject rights including right to access, rectification, deletion, and data portability. Deletion requests are processed within 30 days. Our DPA (Data Processing Agreement) is available for all EU customers.

Enterprise-Grade Security for Voice AI