Compliance
NeuronEdge is designed to help enterprises meet regulatory requirements for data protection when using AI. Our architecture and practices support SOC 2, GDPR, HIPAA, and CCPA compliance.
Security Architecture
Zero Data Persistence
PII is processed in-memory only. Original values are never written to disk, logs, or any persistent storage. This is our core design principle that enables compliance with the strictest data handling requirements.
Encryption in Transit
All data in transit between your application, NeuronEdge, and LLM providers is encrypted using TLS 1.3. We enforce HTTPS for all API connections.
Encryption at Rest
Configuration data, API keys (hashed with bcrypt), and audit metadata are encrypted at rest using AES-256 on SOC 2 certified infrastructure.
API Key Security
API keys are hashed using bcrypt before storage. We never store plaintext keys. Keys can be revoked instantly and are scoped to organizations.
Regulatory Support
SOC 2 Type II
NeuronEdge infrastructure runs on SOC 2 Type II certified platforms (Cloudflare, Neon). We maintain security controls for:
- Security - Protection against unauthorized access
- Availability - System uptime and performance
- Confidentiality - Protection of confidential information
GDPR
NeuronEdge supports GDPR compliance through:
- Data Processing Agreement (DPA) for all customers
- Standard Contractual Clauses for international transfers
- Article 28 compliant processor agreements
- Data minimization - we only process what's necessary
- Right to erasure - account deletion within 30 days
- Zero PII persistence - no GDPR data stored
HIPAA
For healthcare customers handling Protected Health Information (PHI):
- Business Associate Agreement (BAA) available for Enterprise
- PHI detection entities (MEDICAL_RECORD, HEALTH_PLAN, NPI, etc.)
- Zero PHI persistence architecture
- Audit logging with configurable retention
- Infrastructure on HIPAA-eligible platforms
CCPA
California Consumer Privacy Act compliance:
- We are a "Service Provider" under CCPA
- We do not sell personal information
- Consumer deletion requests honored
- Transparent data practices in Privacy Policy
Infrastructure Security
NeuronEdge runs on enterprise-grade, certified infrastructure:
| Provider | Purpose | Certifications |
|---|---|---|
| Cloudflare | Edge computing, CDN | SOC 2, ISO 27001, GDPR |
| Neon | Database (PostgreSQL) | SOC 2, HIPAA BAA available |
| Clerk | Authentication | SOC 2 |
| Stripe | Payment processing | PCI DSS Level 1 |
Audit Logging
NeuronEdge maintains audit logs for compliance and operational visibility:
What We Log
- Request metadata (timestamps, endpoints, response codes)
- Entity types detected (counts only, never actual values)
- Detection latency metrics
- Policy and configuration changes
What We Never Log
- Actual PII values (names, SSNs, emails, etc.)
- Message content
- LLM responses
- Provider API keys
Retention Periods
- Starter: 7 days
- Professional: 30 days
- Enterprise: 90 days (configurable)
Compliance Documents
Need Custom Compliance?
Enterprise customers can request:
- Custom Data Processing Agreements
- Business Associate Agreements (HIPAA)
- Security questionnaire responses
- SOC 2 report access
- Penetration test results