Welcome to the Redacto Trust Center
At Redacto, trust is at the core of everything we build. Our platform is designed to uphold the highest standards of security, privacy, compliance, and responsible AI — ensuring that your data is protected, your risks are minimized, and your obligations are met.
Our Certifications & Attestations
- ISO 27001:2022 — Certified Information Security Management System (ISMS)
- SOC 2 Type II — Security, Availability, Processing Integrity, Confidentiality, and Privacy. Audit period: January 2025 – December 2025. No deviations noted.
- ISO/IEC 42001 Aligned — AI Management System (AIMS) for responsible AI governance
What You'll Find Here
- Security — Comprehensive controls across data security, application security, infrastructure, endpoints, and network layers. Defense-in-depth architecture with AES-256 encryption, TLS 1.2+, RBAC, MFA, SIEM monitoring, and quarterly vulnerability assessments.
- Privacy — Full AICPA Privacy Criteria (P1–P8) compliance. Privacy-by-architecture design where customer data stays in your environment. Consent management, data subject rights, and breach notification procedures.
- AI Governance — Redacto operates as an AI User (ISO/IEC 42001 aligned). Human-in-the-Loop is mandatory for all AI-assisted decisions. Approved AI tools only, with input sanitization, output validation, and dedicated AI incident response.
- Compliance — Regulatory alignment with DPDPA, GDPR, CCPA, and sector-specific requirements for banking, finance, healthcare, and technology services.
- Vendor Management — Quarterly vendor reviews, contractual security controls, sub-processor transparency, and AI supplier due diligence with structured risk scoring.
Architecture — Built for Data Sovereignty
Redacto follows a Data Plane / Control Plane architecture:
- Data Plane (Customer-Hosted) — Deployed within your own cloud environment. All sensitive data stays in your infrastructure. Complete physical isolation between clients.
- Control Plane (Redacto-Hosted on GCP) — Handles only metadata and scan configurations. No customer data is processed or stored here. Logical isolation enforced through RBAC, network segmentation, and Row-Level Security.
By design, no customer or personal data is stored on Redacto's network.
Our Commitment
Redacto is founded on the belief that privacy and security are not features — they are fundamental rights. We are committed to:
- Transparency — Open documentation of our security posture, AI practices, and compliance status
- Continuous Improvement — Regular audits, assessments, and updates to stay ahead of evolving threats and regulations
- Customer-First Security — Your data, your cloud, your control
- Responsible AI — AI augments human capability, never replaces human judgment