Your research is your competitive edge. We protect it.
Market research reveals your strategy, pricing, and positioning. We built AudiAInce knowing that your data is as sensitive as it gets.
Data Isolation
Coming Soon
Your data stays yours. Period.
Brand Memory is yours alone
Our personas learn your brand's story and build relationships over time. But that learning is scoped to your account only. Your competitive insights never inform another customer's results.
No pooling. No "anonymizing."
Some platforms aggregate customer data, strip identifiers, and use it to "improve" their models for everyone. We don't. Your research data is never pooled or used outside your account.
Your edge remains your edge
If you discover that "Budget Moms" love your premium positioning, that insight belongs to you. Your competitors won't benefit from your research - even indirectly.
Our AI providers don't train on your data either
We use best-in-class AI APIs with clear data policies. Here's exactly what happens when your research runs through our system.
Anthropic
Powers our persona responses and analysis. Claude API terms explicitly state no training on customer inputs or outputs.
- No training on API data
- SOC 2 Type II certified
OpenAI
Additional model options for specific research tasks. API data is not used for training per their business terms.
- No training on API data
- SOC 2 Type II certified
Google Gemini
Expanded model capabilities for diverse research needs. Gemini API data not used for model improvement.
- No training on API data
- ISO 27001 certified
Perplexity
Powers calibration searches for demographic base rates. Only receives statistical queries - no brand data transmitted.
- Only calibration queries sent
- No brand data shared
Your product descriptions, survey responses, and brand memory stay within our infrastructure. External APIs receive only what's needed to generate responses - and none of them use API data for training.
Enterprise-grade infrastructure
Built on proven cloud infrastructure with encryption at every layer.
Encryption at rest
All data encrypted using AES-256. Database encryption enabled at the storage layer.
Encryption in transit
TLS 1.3 for all connections. HTTPS enforced across all endpoints.
Isolated environments
Customer data logically separated. No shared database tables between accounts.
Regular backups
Automated daily backups with point-in-time recovery. Backups encrypted separately.
Monitoring & alerting
24/7 infrastructure monitoring. Automated alerts for anomalies and security events.
Secure development
Code review required for all changes. Dependency scanning for vulnerabilities.
Defense-in-depth application security
Multiple layers of protection built into every request, from authentication to audit logging.
CSRF Protection
Cryptographically secure tokens protect against cross-site request forgery. Single-use tokens invalidated after each request.
Rate Limiting
Intelligent rate limiting on all endpoints. Stricter limits on authentication endpoints to prevent brute force attacks.
Security Headers
Content Security Policy, HSTS, X-Frame-Options, and other headers prevent XSS, clickjacking, and injection attacks.
Session Security
30-minute inactivity timeout with automatic session invalidation. Sessions tied to device fingerprints.
Security Alerts
Email notifications for failed login attempts, password changes, new device logins, and suspicious activity.
Password History
Prevents password reuse by tracking previous passwords. Configurable password expiration policies.
Verified security posture
We use automated security scanning to continuously monitor our security posture. Third-party verification means you don't have to take our word for it.
Continuous Scanning
Coming Soon
Access controls for teams
Control who can see what, and maintain a complete audit trail of all activity.
Audit Log
Coming Soon
Tamper-evident audit logs
Every action is logged with timestamps, user attribution, and cryptographic checksums. Chain-linked entries ensure log integrity - any tampering is immediately detectable.
- SHA-256 checksums on every entry
- Chain-linked integrity verification
- Before/after state capture for changes
- Export to XLSX, CSV for compliance
- 7-year retention for SOC 2
SSO Integration
SAML 2.0 single sign-on for enterprise identity providers. Okta, Azure AD, Google Workspace supported.
Multi-Factor Authentication
Enforce MFA across your organization. Support for authenticator apps and hardware security keys.
Role-Based Access Control
20+ granular permissions across 5 categories. Super Admin, Admin, User, and Read-Only roles out of the box.
Terms of Service Tracking
Track ToS acceptance by version. Automatic prompts when terms are updated. Complete acceptance audit trail.
Built with compliance in mind
Our platform is designed to support your regulatory requirements.
GDPR
Designed to support GDPR requirements including data minimization, right to access, right to erasure, and data portability.
CCPA
Built with CCPA principles in mind. Support for do-not-sell requests, disclosure requirements, and deletion rights.
SOC 2
Controls aligned with SOC 2 Trust Services Criteria including audit logging, access controls, rate limiting, and session management. Type II certification in progress.
DPA Available
Data Processing Agreements available for enterprise customers. Standard contractual clauses for international transfers.
Compliance is an ongoing process. Contact us for detailed documentation on specific requirements.
You control your data lifecycle
Retention
Data retained for the duration of your subscription plus 30 days. Configure shorter retention periods if required by your policies.
Deletion
Request complete data deletion at any time. We purge all data including backups within 30 days of verified request.
Export
Export all your data in standard formats. Survey results, brand profiles, and analysis available as JSON, CSV, or PDF.
Questions about security?
Our team is ready to discuss your specific security and compliance requirements. For enterprise customers, we offer security reviews and custom DPAs.
To report a vulnerability, please use our contact form. We appreciate responsible disclosure and respond within 24 hours.