Privacy Policy

Last updated: November 19, 2025

Data Security & Privacy

At AI Gap Analysis, we treat your compliance documentation with the highest level of confidentiality. We understand that your files contain sensitive intellectual property, and our system is designed to ensure your data remains isolated, secure, and under your control.

1. Data Ownership & No AI Training

You retain full ownership of all documents you upload and the analysis results we generate.

  • Your IP: We do not claim any rights to your data.
  • No Model Training: We use the enterprise APIs of our AI partners (OpenAI and Mistral). Unlike consumer AI tools (e.g., ChatGPT), data processed through these APIs is not used to train their models. Your confidential data will never be used to improve our AI models or those of third parties.

2. Security & Encryption

  • Encryption at Rest: All files and database records are encrypted using industry-standard AES-256 encryption.
  • Encryption in Transit: All data transmitted between your browser and our servers is protected via TLS 1.2+ (HTTPS).
  • Database Isolation: We utilize strict Row Level Security (RLS). This ensures that your organization's data is cryptographically segregated at the database level, making it technically impossible for users outside your organization to access your documents.

3. Trusted Infrastructure

We rely on industry-leading, compliant infrastructure providers to process your data:

  • Supabase: Database and secure file storage (SOC 2 Type 2 compliant).
  • OpenAI & Mistral: AI inference and OCR processing (SOC 2 Type 2 compliant).
  • Stripe: Payment processing (PCI DSS Level 1 Service Provider).

4. Data Retention & Deletion

You have complete control over your data lifecycle. If you delete a document or your entire organization account, your data is immediately and permanently removed from our database and storage systems. We do not retain shadow copies of deleted user files.

Questions? Email support@tooling.studio and we'll be in touch.