Encryption in transit and at rest
AssemblyAI uses encryption in transit and encryption at rest to provide confidentiality to our customers. By default, AssemblyAI uses AES-256 at rest and TLS 1.3 in transit.
Network security and role-based access controls
Access controls fortify organizational security to ensure that people only have access to the resources and data that they need.
Auditable change management procedures
Auditable change management provides accountability and transparency when improving the systems you value. Management procedures include data privacy impact assessments (DPIAs), transfer impact assessments (TIAs), ticketing across engineering teams, and secure SDLC.
Auditing and administrative practices
We stringently follow industry-established standards and practices for top security. These practices include data processing agreements, master service agreements, annual internal and external audits, risk assessment and risk management processes, and updated company terms of service.
Penetration tests simulate real-world cyber attacks and help us proactively improve our security posture. With the help of industry-leading firms, AssemblyAI conducts penetration tests on its internal and customer-facing assets at least once annually.
Vulnerability scans help identify gaps so we stay ahead of bad actors. AssemblyAI conducts these scans periodically, and any vulnerabilities are remediated based on criticality.
Uptime monitoring, including and , provides you with the assurance that system availability is high and services are not disrupted, so you can keep developing with ease.
AssemblyAI provides all contracted customers with 99.99% uptime.
SOC 2 Type 1
SOC 2 Type 1 compliance means AssemblyAI follows internal security controls, policies, and procedures upheld by the American Institute of Certified Public Accountants (AICPA).
SOC 2 Type 2
SOC 2 Type 2 certification verifies that AssemblyAI has successfully completed a thorough audit, certifying that our security policies and controls continuously meet the highest industry standards when it comes to keeping data safe and confidential.
GDPR was first published in 2016 to provide privacy for EU and EEA data subjects.
- AssemblyAI has completed a third-party assessment and has a completed report on compliance illustrating testing of our security controls.
- AssemblyAI values the privacy considerations of our customers and will continue to be assessed as we make improvements to our products.
PCI defines requirements for processing, storing, transmitting and accessing payment card information.
- As of December 2023, AssemblyAI is in its inaugural PCI-DSS 3.2.1 audit.
- AssemblyAI is expected to deliver a completed Compliance Report in 2024.
EU Data Residency
EU Data Residency builds upon GDPR and helps customers within industries with more sensitive data requirements.
- AssemblyAI processes data in our European data processing center in Dublin, Ireland. Customers can store and process their data within the United States or the European Union, ensuring adherence to regulatory standards across both regions.
- Adherence to EU Data Residency is available to contracted customers. Please reach out to sales to get more information.