Oximy

Enterprise-Grade Security

Your data is in safe hands

SOC 2 certified. HIPAA and GDPR compliant. Your data is never used to train models.

SOC 2 Type I | HIPAA Compliant | GDPR Compliant

Certifications

Independently verified

SOC 2 Type I: Certified

Independently audited for security, availability, and confidentiality. Type II underway.

HIPAA: Compliant

Compliant with healthcare data protection requirements. BAAs available for enterprise.

GDPR: Compliant

Full compliance with EU data protection regulations. DPAs available on request.

Security

Built for security from day one

Data Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256).

Flexible Hosting

US-based, EU-based, or fully on-premises deployment.

No Model Training

Your data is never used to train AI models. Contractually guaranteed.

SSO & Access Control

SAML 2.0 and OIDC. Fine-grained role-based access control.

Audit Logs

Every action logged and traceable. Full visibility for compliance reviews.

Penetration Testing

Annual pen tests by top-tier security firms across the full platform.

Zero Trust Architecture

Access is always verified, limited, and logged. No implicit trust.

Data Retention Policies

Configurable retention periods aligned with your policies and regulations.

Frameworks

Aligned with major AI security frameworks

OWASP LLM Top 10

Protection against all 10 critical LLM vulnerabilities

NIST AI RMF

Aligned with the NIST AI Risk Management Framework

ISO 42001

AI management system standards alignment

MITRE ATLAS

Defense against adversarial AI attack techniques

AIUC-1

AI User Controls standard compliance

EU AI Act

Ready for European AI regulatory requirements

FAQ

Common questions

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. BYOK (bring your own key) is available for customers who need additional control.

Choose between US-based, EU-based, or on-premises deployment. Data never leaves your chosen region.

No. We contractually guarantee your data is never used to train or fine-tune any AI models. Your inputs, outputs, and documents remain exclusively yours.

Enterprise SSO with SAML 2.0 and OIDC. Role-based access control ensures users only access what they need. All access is logged and auditable.

Annual penetration tests by top-tier security firms covering the full platform. SOC 2 Type I certified, with Type II underway.

You can request a full data export. After a grace period, all data and associated resources are permanently deleted per our retention policies.

Serious about security?

See how Oximy protects your AI systems while maintaining SOC 2, HIPAA, and GDPR compliance.
