Security & Compliance

1. Data handling

• Ingestion: We process documents you connect or upload to enable search and chat.
• Derived data: We store extracted text chunks, embeddings, and metadata needed for retrieval.
• Temporary files: If local files are uploaded for ingestion, they may be stored temporarily and deleted after processing (where configured).

2. Access controls

• Principle of least privilege for services and roles
• Tenant isolation (customer data separated by account/tenant)
• Admin-only actions protected by role checks

3. Encryption

• In transit: TLS/HTTPS for network traffic.
• At rest: Encryption for managed storage services where supported (e.g., cloud volumes and databases).

4. Google API compliance

Wyshon’s use of Google user data follows the Google API Services User Data Policy (Limited Use). We only access data you authorize and use it to provide user-facing features you request.

5. Incident response

We maintain operational monitoring and logs to detect errors and suspicious behavior. For security reports, contact support@wyshon.ai.

6. Privacy program

We support reasonable requests for access, deletion, and correction of account data. For details, see our Privacy Policy.

7. Roadmap (optional)

• Expanded audit logging and export controls
• Customer-managed retention settings
• Optional single sign-on (SSO) for business plans

If you need SOC 2 / ISO 27001 alignment for procurement, contact us and we can share our current posture and plans.