Trust & security

SOC 2 Type II (in progress)

We are pursuing SOC 2 Type II attestation and are currently SOC 2 pending—meaning we are implementing the control framework, evidence collection, and operational practices expected for a successful examination. Our roadmap includes independent audit by a qualified firm; we will publish our report and trust materials for customers under NDA and, where appropriate, on this page as they become available.

Until our report is issued, we operate on the principle that security is never “done”: access is least-privilege, changes are reviewed, and we design for confidentiality, integrity, and availability of the services we provide.

Data handling & infrastructure

Customer content processed through SentientWeb, including request transcripts, configuration, and knowledge sources you connect—is handled with contracts and technical controls appropriate to a B2B SaaS provider. We use modern encryption for data in transit, protect data at rest with industry-standard mechanisms, and limit internal access to what is required for support and operations.

We rely on reputable cloud and AI infrastructure providers (for example, for hosting, databases, and model inference). We evaluate subprocessors for security posture and contractual commitments; a formal subprocessor list is maintained for customers and updated as our stack evolves.

Access, logging & incident response

Administrative access to production systems is restricted, authenticated, and logged. We maintain procedures for security incident identification, containment, and customer notification where required by law or contract. We welcome responsible disclosure of vulnerabilities and will work with researchers in good faith.

Your responsibilities

Security is shared. You are responsible for safeguarding your accounts, API keys, and integration credentials; for configuring routing and retention in line with your policies; and for ensuring that content you connect to the product complies with applicable regulations (including privacy and industry-specific rules). We provide tools and documentation to help you deploy safely; your legal and compliance teams should review fit for your jurisdiction and use case.

Questions & questionnaires

For security reviews, vendor questionnaires, or details on our SOC 2 timeline, contact us at hello@sentientwebsite.com. We are happy to work with procurement and InfoSec teams as we move through audit readiness.