Built on enterprise-grade, certified infrastructure

Your data is protected. Here's exactly how.

Every layer of NeuraWrite runs on SOC 2 Type II and HIPAA-certified infrastructure. We're transparent about what we have — and what we're working toward.

  • 0 security breaches
  • 4 SOC 2 certified partners
  • AES-256 encryption standard
  • TLS 1.3 in-transit encryption

Our partners are certified

Our hosting, database, auth, and AI providers all hold SOC 2 Type II and HIPAA certification. Your data lives on independently audited infrastructure.

NeuraWrite's own SOC 2 is in progress

We're a growing company actively working toward SOC 2 Type I (target Q4 2026). We're being transparent about where we are. Full details in FAQ.

What happens to your data

No black boxes. Here's exactly where your content goes from the moment you write it.

You write a prompt
Your input stays in your browser until submitted.
Encrypted in transit
TLS 1.3 — no one can intercept it in flight.
AI generates your content
Your prompt goes to the model. It is never stored for training.
Saved to your account
AES-256 encrypted at rest in Supabase (SOC 2 Type II).
Only you can see it
Access is scoped to your account. No one else can read your documents.

Every layer is independently certified

We selected partners specifically because they hold SOC 2 Type II and HIPAA certification — not as an afterthought.

Hosting & Edge
Global CDN, serverless compute, DDoS protection
SOC 2 Type II, ISO 27001, HIPAA, PCI DSS v4
Database
Encrypted data storage and retrieval
SOC 2 Type II, HIPAA
Identity & Auth
Authentication, MFA, session management
SOC 2 Type II, ISO 27001, HIPAA, CCPA
AI Provider
Large language model inference
SOC 2 Type II, ISO 27001, ISO 42001, HIPAA

Our compliance roadmap

Where we are today and where we're heading — with honest timelines.

Compliance progress: 3 of 5 milestones complete. SOC 2 Type I: target Q4 2026.

Security-forward architecture

Built on SOC 2 Type II certified multi-cloud partners from day one — hosting, auth, database, and AI layers are all independently audited.

Privacy policy & cookie consent

GDPR-aligned privacy policy, cookie banner, and data processing disclosures in place.

Formal security roadmap

Written security policies, access control procedures, and incident response plan documented.

SOC 2 Type I (IN PROGRESS)

Actively working toward our first SOC 2 Type I report (security, availability, confidentiality) with a certified auditor. Target: Q4 2026.

SOC 2 Type II & regulated verticals (ROADMAP)

SOC 2 Type II continuous audit, plus HIPAA alignment and HITRUST for healthcare and regulated industries. Target 2027.

Security controls in place today

These measures are active regardless of our certification status.

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • We never train AI models on your content
  • Automated data deletion on account close
  • Customer-controlled data export

Access & Identity

  • Auth powered by SOC 2 Type II certified provider
  • Multi-factor authentication (MFA) supported
  • Role-based access control (RBAC)
  • Least-privilege internal service accounts
  • Session management & revocation

Infrastructure

  • Hosting: SOC 2 Type II, ISO 27001, HIPAA certified
  • Database: SOC 2 Type II, HIPAA certified
  • Global edge network with DDoS protection
  • Automated dependency vulnerability scanning
  • Secrets managed via environment isolation

Monitoring & Response

  • Real-time error and anomaly alerting
  • Audit logs for critical actions
  • Written incident response plan (IRP)
  • Responsible disclosure / bug report channel
  • Annual penetration testing (planned)

AI Governance

  • No training on user content — ever
  • Output toxicity and bias filters
  • Prompt injection mitigations
  • Source citations on AI-generated content
  • Model versioning with rollback capability

Privacy Practices

  • GDPR-aligned privacy policy
  • CCPA opt-out and data request support
  • Cookie consent management
  • Data retention and deletion policies
  • Privacy contact: support@neurawrite.ai

Responsible AI

We use a leading enterprise AI provider built with safety as a first principle. Your content never improves the model. Ever.

Transparency
Source citations and AI attribution on every output — you always know where content came from.
Human oversight
Human review process for flagged or high-risk content. AI assists, humans stay in control.
No model training
Your prompts and documents are never used to fine-tune or train any model — ours or Anthropic's.

Frequently asked questions

Honest answers. No marketing fluff.

Have more questions?

We're happy to answer security questions, complete vendor questionnaires, or discuss DPA options for business accounts.

Last reviewed March 2026  ·  Report a vulnerability