Protecting your data is our priority
AssemblyAI uses enterprise-grade security practices to keep your data safe. We approach security by design and default, and continuously ensure AssemblyAI is secure for you and your team.
We keep your data safe and secure
AssemblyAI continuously improves capabilities to protect your data and ensure the confidentiality, integrity, and availability of AssemblyAI’s systems, so you can build with confidence.
Encryption in transit and at rest
AssemblyAI uses encryption in transit and encryption at rest to provide confidentiality to our customers. By default, AssemblyAI uses AES-256 at rest and TLS 1.3 in transit.
Network security and role-based access controls
Access controls fortify organizational security to ensure that people only have access to the resources and data that they need.
Auditable change management procedures
Auditable change management provides accountability and transparency when improving the systems you value. Management procedures include data privacy impact assessments (DPIAs), transfer impact assessments (TIAs), ticketing across engineering teams, and secure SDLC.
Auditing and administrative practices
We stringently follow industry-established standards and practices for top security. These practices include data processing agreements, master service agreements, annual internal and external audits, risk assessment and risk management processes, and updated company terms of service.
Pen tests
Penetration tests simulate real-world cyber attacks and help us proactively improve our security posture. With the help of industry-leading firms, AssemblyAI conducts penetration tests on its internal and customer-facing assets at least once annually.
Vulnerability Scans
Vulnerability scans help identify gaps so we stay ahead of bad actors. AssemblyAI conducts these scans periodically, and any vulnerabilities are remediated based on criticality.
Uptime Monitoring
Uptime monitoring, including current uptime and historic uptime statuses, provides you with the assurance that system availability is high and services are not disrupted, so you can keep developing with ease.
AssemblyAI provides all contracted customers with 99.99% uptime.
SOC 2 Type 1
SOC 2 Type 1 compliance means AssemblyAI follows internal security controls, policies, and procedures upheld by the American Institute of Certified Public Accountants (AICPA).
SOC 2 Type 2
SOC 2 Type 2 certification verifies that AssemblyAI has successfully completed a thorough audit, certifying that our security policies and controls continuously meet the highest industry standards when it comes to keeping data safe and confidential.
We are committed to meeting your compliance needs
AssemblyAI is dedicated to supporting the compliance needs of our customers.
GDPR
GDPR was first published in 2016 to provide privacy for EU and EEA data subjects.
- AssemblyAI has completed a third-party assessment and has a completed report on compliance illustrating testing of our security controls.
- AssemblyAI values the privacy considerations of our customers and will continue to be assessed as we make improvements to our products.
PCI-DSS
PCI defines requirements for processing, storing, transmitting and accessing payment card information.
- As of December 2023, AssemblyAI is in its inaugural PCI-DSS 3.2.1 audit.
- AssemblyAI is expected to deliver a completed Compliance Report in 2024.
EU Data Residency
EU Data Residency builds upon GDPR and helps customers within industries with more sensitive data requirements.
- AssemblyAI processes data in our European data processing center in Dublin, Ireland. Customers can store and process their data within the United States or the European Union, ensuring adherence to regulatory standards across both regions.
- Adherence to EU Data Residency is available to contracted customers. Please reach out to sales to get more information.
Your privacy is of paramount importance
AssemblyAI values customer privacy. We consistently comply with privacy laws and remain transparent about our data management procedures, particularly related to data protection, retention and deletion, and training procedures. We continuously stay up to date with the latest security concerns and best practices. Visit our Trust Center to access our list of subprocessors, policies, reports, and additional trust documentation.