Your data is in safe hands

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. For customers who require additional control, we offer options to encrypt data with their own encryption keys (BYOK). Your data is protected at every layer of our infrastructure.

We offer flexible hosting options to meet your compliance needs. Choose between US-based hosting, EU-based hosting, or on-premises deployment. Data never leaves your chosen region, and we can provide documentation for regulatory requirements.

No, never. We contractually guarantee through our Security Addendum that your data stays yours. We do not use your inputs, outputs, or uploaded documents to train or fine-tune any AI models. Your confidential data remains secure and private.

We support enterprise SSO with SAML 2.0 and OIDC protocols, giving you full control over user authentication. Our role-based access control (RBAC) ensures users only have access to what they need. All access is logged and auditable.

We partner with top-tier security firms for annual penetration tests covering the full platform scope. We follow an 'assume breach' methodology to proactively identify and mitigate risks. Our SOC 2 Type I certification is current, with Type II underway.

When your contract ends, you can request a full export of your data. After a grace period, all your data - along with any dedicated storage resources associated with your account - is permanently deleted according to our data retention policies.

Every AI interaction processed through Oximy is logged with full traceability. You can review exactly what data was sent, what policies were applied, what threats were detected, and what actions were taken. This audit trail supports your compliance requirements.

Oximy is SOC 2 Type I certified (with Type II underway), HIPAA compliant, and GDPR ready. We also align with OWASP LLM Top 10, NIST AI RMF, ISO 42001, MITRE ATLAS, AIUC-1, and EU AI Act requirements. Visit our Trust Center for detailed documentation.