Protecting your data is our priority

AssemblyAI uses encryption in transit and encryption at rest to provide confidentiality to our customers. By default AssemblyAI uses AES-256 at rest and TLS 1.3 in transit.

Access controls fortify organizational security to ensure that people only have access to the resources and data that they need.

Auditable change management provides accountability and transparency when improving the systems you value. Management procedures include data privacy impact assessments (DPIAs), transfer impact assessments (TIAs), ticketing across engineering teams, and secure SDLC.

We stringently follow industry-established standards and practices for top security. These practices include data processing agreements, master service agreements, annual internal and external audits, risk assessment and risk management processes, and updated company terms of service.

Penetration tests simulate real-world cyber attacks and help us proactively improve our security posture. With the help of industry-leading firms, AssemblyAI conducts penetration tests on its internal and customer-facing assets at least once annually.

Vulnerability scans help identify gaps so we stay ahead of bad actors. AssemblyAI conducts these scans periodically, and any vulnerabilities are remediated based on criticality.

Uptime monitoring, including current uptime and historic uptime statuses, provides you with the assurance that system availability is high and services are not disrupted, so you can keep developing with ease.

AssemblyAI provides all contracted customers with 99.9% uptime.

SOC 2 Type 1 compliance means AssemblyAI follows internal security controls, policies, and procedures upheld by the American Institute of Certified Public Accountants (AICPA).

SOC 2 Type 2 certification verifies that AssemblyAI has successfully completed a thorough audit, certifying that our security policies and controls continuously meet the highest industry standards when it comes to keeping data safe and confidential.