Pre-certification — SOC 2 Type I in progress

Security-forward, from day one

All of our infrastructure partners are SOC 2 Type II and HIPAA certified. We’re working toward our own SOC 2.

All of our partners (hosting, identity, database, AI) are SOC 2 Type II and HIPAA certified. NeuraWrite itself is not yet certified; we’re working toward it. Details in the FAQ.

Our Compliance Roadmap

Where we are today and where we are heading — with honest timelines.

Security-forward architecture

Built on SOC 2 Type II certified multi-cloud partners from day one — hosting, auth, database, and AI layers are all independently audited.

Privacy policy & cookie consent

GDPR-aligned privacy policy, cookie banner, and data processing disclosures in place.

Formal security roadmap

Written security policies, access control procedures, and incident response plan documented.

SOC 2 Type I — in progress

Actively working toward our first SOC 2 Type I report (security, availability, confidentiality) with a certified auditor. Target: Q4 2026.

SOC 2 Type II & regulated verticals

SOC 2 Type II continuous audit, plus HIPAA alignment and HITRUST for healthcare and regulated industries. Target 2027.

Our Infrastructure Partners Are Certified

All of our partners are SOC 2 Type II and HIPAA certified. Your data runs on independently audited infrastructure.

Hosting & Edge
Global CDN, serverless compute, DDoS protection
SOC 2 Type II, ISO 27001, HIPAA, PCI DSS v4
Identity & Auth
Authentication, MFA, session management
SOC 2 Type II, ISO 27001, HIPAA, CCPA
Database
Encrypted data storage and retrieval
SOC 2 Type II, HIPAA
AI Provider
Large language model inference
SOC 2 Type II, ISO 27001, ISO 42001, HIPAA

Security Controls

The measures we implement and enforce regardless of our certification status.

Data Protection

  • AES-256 encryption at rest (database layer)
  • TLS 1.3 encryption in transit
  • We never train AI models on your content
  • Automated data deletion on account close
  • Customer-controlled data export

Access & Identity

  • Auth powered by SOC 2 Type II certified identity provider
  • Multi-factor authentication (MFA) supported
  • Role-based access control (RBAC)
  • Least-privilege internal service accounts
  • Session management & revocation

Infrastructure

  • Hosting layer: SOC 2 Type II, ISO 27001, HIPAA certified
  • Database layer: SOC 2 Type II, HIPAA certified
  • Global edge network with DDoS protection
  • Automated dependency vulnerability scanning
  • Secrets managed via environment isolation

Monitoring & Response

  • Real-time error and anomaly alerting
  • Audit logs for critical actions
  • Written incident response plan (IRP)
  • Responsible disclosure / bug report channel
  • Annual penetration testing (planned)

AI Governance

  • No training on user content — ever
  • Output toxicity and bias filters
  • Prompt injection mitigations
  • Source citations on AI-generated content
  • Model versioning with rollback capability

Privacy Practices

  • GDPR-aligned privacy policy
  • CCPA opt-out and data request support
  • Cookie consent management
  • Data retention and deletion policies
  • Privacy contact: support@neurawrite.ai

Responsible AI

We apply layered safeguards to ensure AI outputs are safe, accurate, and never trained on your content.

Transparency
Source citations and AI attribution on every output.
Human oversight
Human review process for flagged or high-risk content.
No model training
Your content is never used to fine-tune or train any model.

Frequently Asked Questions

Honest answers to common security and privacy questions.

Have more questions?

Our team is happy to answer security questions, review vendor questionnaires, or discuss DPA options for business customers.

Last reviewed March 2026  ·  Report a vulnerability