Enterprise

Compliance

NeuronEdge is designed to help enterprises meet regulatory requirements for data protection when using AI. Our architecture and practices support SOC 2, GDPR, HIPAA, and CCPA compliance.

Security Architecture

Zero Data Persistence

PII is processed in-memory only. Original values are never written to disk, logs, or any persistent storage. This is our core design principle that enables compliance with the strictest data handling requirements.

Encryption in Transit

All data is encrypted using TLS 1.3 between your application, NeuronEdge, and LLM providers. We enforce HTTPS for all API connections.

Encryption at Rest

Configuration data, API keys (hashed with bcrypt), and audit metadata are encrypted at rest using AES-256 on SOC 2 certified infrastructure.

API Key Security

API keys are hashed using bcrypt before storage. We never store plaintext keys. Keys can be revoked instantly and are scoped to organizations.

Regulatory Support

SOC 2 Type II (Supported)

NeuronEdge infrastructure runs on SOC 2 Type II certified platforms (Cloudflare, Neon). We maintain security controls for:

  • Security - Protection against unauthorized access
  • Availability - System uptime and performance
  • Confidentiality - Protection of confidential information

GDPR (Supported)

NeuronEdge supports GDPR compliance through:

  • Data Processing Agreement (DPA) for all customers
  • Standard Contractual Clauses for international transfers
  • Article 28 compliant processor agreements
  • Data minimization - we only process what's necessary
  • Right to erasure - account deletion within 30 days
  • Zero PII persistence - no GDPR data stored

HIPAA (Enterprise)

For healthcare customers handling Protected Health Information (PHI):

  • Business Associate Agreement (BAA) available for Enterprise
  • PHI detection entities (MEDICAL_RECORD, HEALTH_PLAN, NPI, etc.)
  • Zero PHI persistence architecture
  • Audit logging with configurable retention
  • Infrastructure on HIPAA-eligible platforms

CCPA (Supported)

California Consumer Privacy Act compliance:

  • We are a "Service Provider" under CCPA
  • We do not sell personal information
  • Consumer deletion requests honored
  • Transparent data practices in Privacy Policy

FINRA (Enterprise)

For financial advisory firms handling client personally identifiable information:

  • Registered Investment Advisor (RIA) client data protection
  • 3-year communication retention support
  • FINRA Rule 4512 compliance assistance
  • Entity templates encoding FINRA PII scope

FedRAMP (Enterprise)

For government AI applications operating under FedRAMP moderate baseline:

  • Expanded entity coverage (20+ identifiers) for government PII
  • FedRAMP moderate control compliance
  • Audit logging for government agency requirements
  • Cloudflare FedRAMP certified infrastructure

Infrastructure Security

NeuronEdge runs on enterprise-grade, certified infrastructure:

| Provider | Purpose | Certifications |
| --- | --- | --- |
| Cloudflare | Edge computing, CDN | SOC 2, ISO 27001, GDPR |
| Neon | Database (PostgreSQL) | SOC 2, HIPAA BAA available |
| Clerk | Authentication | SOC 2 |
| Stripe | Payment processing | PCI DSS Level 1 |

Audit Logging

NeuronEdge maintains audit logs for compliance and operational visibility:

What We Log

  • Request metadata (timestamps, endpoints, response codes)
  • Entity types detected (counts only, never actual values)
  • Detection latency metrics
  • Policy and configuration changes

What We Never Log

  • Actual PII values (names, SSNs, emails, etc.)
  • Message content
  • LLM responses
  • Provider API keys

Retention Periods

  • Starter: 7 days
  • Professional: 30 days
  • Enterprise: 90 days (configurable)

Compliance Report Generation (New, Professional+)

Generate on-demand compliance reports from audit log metadata. Reports contain aggregated entity counts only — zero PII is included in any report. Perfect for regulatory audits and compliance certifications.

GET /api/reports/compliance

Generate a compliance report for a specified time period and regulatory framework.

Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| start_date | string, required | Start of reporting period (ISO 8601, e.g., 2026-01-01) |
| end_date | string, required | End of reporting period (ISO 8601, e.g., 2026-01-31) |
| framework | string | Regulatory framework: hipaa, pci_dss, soc2, finra, fedramp, general |
| format | string | Report format: json (default) or pdf (Enterprise only) |

Response

```json
{
  "report_id": "rpt_01JF...",
  "framework": "hipaa",
  "period": { "start": "2026-01-01", "end": "2026-01-31" },
  "summary": {
    "total_interactions": 12847,
    "interactions_with_pii": 3241,
    "pii_percentage": 25.2,
    "zero_persistence_confirmed": true
  },
  "entity_breakdown": {
    "PERSON": 1847,
    "DATE_OF_BIRTH": 892,
    "MEDICAL_RECORD_NUMBER": 312,
    "PHONE": 190
  },
  "performance": {
    "detection_latency_p50_ms": 4.1,
    "detection_latency_p99_ms": 8.2,
    "availability_percent": 99.97
  },
  "attestation": {
    "statement": "Zero customer PII was stored on NeuronEdge infrastructure during this period",
    "generated_at": "2026-02-01T00:00:00Z"
  }
}
```

GET /api/reports/history

List previously generated compliance reports with metadata and download links.

GET /api/reports/{reportId}

Retrieve a specific compliance report by ID. PDF download available for Enterprise tier.

Tier note: JSON reports available on Professional+. PDF export and scheduled report generation on Enterprise.

Vertical Compliance Templates (New)

Pre-configured policy templates that encode regulation-specific entity selection, detection methods, and confidence thresholds. Use these to quickly bootstrap compliance across your organization.

HIPAA Safe Harbor

Healthcare entities detecting 18 PHI identifiers per HIPAA Safe Harbor method.

  • Entity count: 15
  • Detection method: Regex + NER hybrid
  • Response detection: Enabled

PCI-DSS Cardholder Protection

Payment industry compliance protecting sensitive cardholder data.

  • Entity count: 9
  • Detection method: Regex (credit card validation)
  • Response detection: Enabled

SOC 2 Data Protection

General PII protection aligned with SOC 2 Trust Services Criteria.

  • Entity count: 12
  • Detection method: Balanced regex
  • Response detection: Disabled

FINRA Client Protection

For registered investment advisors protecting client personally identifiable information.

  • Entity count: 14
  • Detection method: Balanced regex
  • Response detection: Disabled

FedRAMP PII Protection

For government AI applications under FedRAMP moderate baseline with expanded entity coverage.

  • Entity count: 20
  • Detection method: Thorough regex + NER
  • Response detection: Enabled

Create a policy from a compliance template via the Policies API:

```bash
curl -X POST https://api.neuronedge.ai/api/policies/from-template \
  -H "Authorization: Bearer ne_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "template_id": "hipaa",
    "name": "Clinic HIPAA Policy",
    "description": "HIPAA compliance for patient portal"
  }'
```

See Policies API Reference for complete template options.

PII-Aware Alerting (New, Professional+)

Define alert rules evaluated against real-time metrics. When conditions are met, NeuronEdge fires webhooks to your monitoring systems for immediate notification.

| Alert Type | Trigger Condition |
| --- | --- |
| Entity Spike | Detection rate exceeds baseline by threshold |
| High-Density Request | Single request contains excessive entity density |
| Detection Failure | Detection engine encounters errors |
| Zero Detection | No PII detected for extended period |
| Policy Mismatch | Request entity types don't match policy |

Sample webhook payload when alert is triggered:

```json
{
  "alert_id": "alert_01JF...",
  "alert_type": "entity_spike",
  "customer_id": "cust_01JF...",
  "timestamp": 1709000000000,
  "details": {
    "entity_type": "SSN",
    "current_rate": 847,
    "baseline_rate": 42,
    "window_minutes": 5
  },
  "severity": "high",
  "hmac_signature": "sha256=..."
}
```

Webhook Security

All webhooks are HMAC-signed using your webhook secret for verification. Payloads are retried with exponential backoff (3 attempts over 1 hour).
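A receiver-side check for these alerts, as an added example that is not NeuronEdge code. The page does not say which bytes the signature covers, so the signing input here (payload without `hmac_signature`, compact sorted-key JSON, HMAC-SHA256 hex) is an assumption, as are the function names, the 65-minute window chosen to span the documented 1-hour retry schedule, and the reading of `timestamp` as epoch milliseconds.

```python
import hashlib
import hmac
import json

# Assumption: window spans the documented 1-hour retry schedule plus clock slack.
MAX_AGE_MS = 65 * 60 * 1000


def signing_input(payload: dict) -> bytes:
    # Assumption: the signature covers the payload minus hmac_signature,
    # serialized as compact JSON with sorted keys.
    unsigned = {k: v for k, v in payload.items() if k != "hmac_signature"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()


def sign(payload: dict, secret: bytes) -> str:
    digest = hmac.new(secret, signing_input(payload), hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_alert(raw: bytes, secret: bytes, now_ms: int, seen_ids: set):
    """Return (alert, is_new); raise ValueError if the alert must not be trusted."""
    payload = json.loads(raw)  # JSONDecodeError is a ValueError
    claimed = payload.get("hmac_signature") if isinstance(payload, dict) else None
    if not isinstance(claimed, str):
        raise ValueError("missing signature")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(claimed.encode(), sign(payload, secret).encode()):
        raise ValueError("bad signature")
    ts = payload.get("timestamp")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        raise ValueError("timestamp outside accepted window")
    alert_id = payload.get("alert_id")
    if not isinstance(alert_id, str):
        raise ValueError("missing alert_id")
    is_new = alert_id not in seen_ids  # retries and replays reuse the alert_id
    seen_ids.add(alert_id)
    return payload, is_new


# Constructed sample shaped like the payload above; ids and secret are placeholders.
SECRET = b"whsec_constructed_example"
SAMPLE = {"alert_id": "alert_example_1", "alert_type": "entity_spike",
          "customer_id": "cust_example_1", "timestamp": 1709000000000,
          "details": {"entity_type": "SSN", "current_rate": 847,
                      "baseline_rate": 42, "window_minutes": 5}, "severity": "high"}
SAMPLE["hmac_signature"] = sign(SAMPLE, SECRET)
RAW = json.dumps(SAMPLE).encode()
```

A duplicate (`is_new` false) should still be acknowledged with a 2xx so the sender stops retrying, but must not trigger the downstream action twice.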

Tier availability: Professional (5 alert rules, webhook delivery), Enterprise (unlimited rules + email delivery + SMS alerts).

Real-Time Analytics Stream (New, Enterprise)

Connect to a real-time Server-Sent Events (SSE) stream to receive live entity detection events. Use for real-time compliance dashboards, SIEM integration, or live operational monitoring.

```text
GET /api/analytics/stream
Accept: text/event-stream
Authorization: Bearer ne_live_...

event: detection
data: {"request_id":"req_01JF...","timestamp":1709000000000,"entities":{"PERSON":2,"EMAIL":1},"provider":"openai","latency_ms":12}

event: detection
data: {"request_id":"req_01JF...","timestamp":1709000001000,"entities":{"SSN":1},"provider":"anthropic","latency_ms":8}
```

Use Cases

  • Live compliance dashboard: Real-time visualization of entity detections
  • SIEM integration: Forward events to Splunk, Datadog, or Sumo Logic
  • Anomaly detection: Real-time behavioral analysis and alerting
  • Operational monitoring: Track detection latency and provider performance
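For the SIEM integration use case, an added example (not NeuronEdge code) that parses the stream's `detection` events and refuses to forward any event whose `entities` map holds something other than a count. It goes slightly beyond the sample by also handling standard SSE comment lines and multi-line `data` fields; the function names and the sample stream are constructed for illustration.

```python
import json
from collections import Counter


def parse_sse(lines):
    """Yield (event_name, data) following text/event-stream framing."""
    event, data = "message", []
    for line in lines:
        line = line.rstrip("\r\n")
        if line == "":  # a blank line dispatches the pending event
            if data:
                yield event, "\n".join(data)
            event, data = "message", []
        elif not line.startswith(":"):  # ":" lines are comments / keep-alives
            field, _, value = line.partition(":")
            value = value[1:] if value.startswith(" ") else value
            if field == "event":
                event = value
            elif field == "data":
                data.append(value)


def to_siem_record(data):
    obj = json.loads(data)
    entities = obj.get("entities") if isinstance(obj, dict) else None
    if not isinstance(entities, dict):
        raise ValueError("detection event without an entities map")
    for name, count in entities.items():
        # Counts only: refuse anything that could carry a detected value.
        if type(count) is not int or count < 0:
            raise ValueError(f"non-count value for entity {name!r}")
    return {"request_id": obj.get("request_id"), "ts_ms": obj.get("timestamp"),
            "provider": obj.get("provider"), "entities": entities}


def summarize(lines):
    records, totals = [], Counter()
    for event, data in parse_sse(lines):
        if event == "detection":
            records.append(to_siem_record(data))
            totals.update(records[-1]["entities"])
    return records, dict(totals)


# Constructed stream modelled on the sample above (request ids are placeholders).
SAMPLE_STREAM = """: keep-alive
event: detection
data: {"request_id":"req_example_1","timestamp":1709000000000,"entities":{"PERSON":2,"EMAIL":1},"provider":"openai"}

event: detection
data: {"request_id":"req_example_2","timestamp":1709000001000,"entities":{"SSN":1},"provider":"anthropic"}

"""
```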

Tier availability: Professional (2 concurrent connections), Enterprise (10 concurrent connections, unlimited events).

Need Custom Compliance?

Enterprise customers can request:

  • Custom Data Processing Agreements
  • Business Associate Agreements (HIPAA)
  • Security questionnaire responses
  • SOC 2 report access
  • Penetration test results