DataSnipper Trust Center

At DataSnipper we understand the critical importance of security, privacy, and transparency in today's digital landscape. Our Trust Center serves as a comprehensive resource designed to provide you with clear insights into our commitment to protecting your data and maintaining the highest standards of integrity in our operations and our products.

Security Program

At DataSnipper, we have established a comprehensive security program designed to protect our systems and customer data. This program is built on a foundation of robust governance, risk management, and continuous security controls to ensure the highest level of protection.

Governance & Risk Management

Security at DataSnipper begins with strong governance and risk management policies that are approved and maintained by our top management. Our Enterprise Risk Management framework ensures that (information) security risks are assessed, documented, and mitigated proactively. In addition, our Risk Management process defines structured steps to continuously evaluate and address potential threats.

We have a Third-Party Risk Management program in place to assess and manage security risks associated with external vendors. To maintain control over our IT assets, we rely on an Asset Management Program, where all critical systems, hardware, and services are tracked and managed.

Security Controls & Monitoring

To safeguard our infrastructure, we enforce strict access control measures that ensure only authorized personnel have access to critical systems. Our Security Awareness Training program educates and assesses employees on security best practices, ensuring that security remains a shared responsibility across the organization.

External security testing is an integral part of our program. We conduct regular penetration tests performed by certified security professionals to validate the effectiveness of our defenses. Additionally, our Vulnerability Management framework helps to proactively identify and address potential security gaps. Alongside this, we implement real-time security monitoring, allowing us to detect and respond to threats as they arise.

In the event of a security incident, our Incident Response Plan ensures a structured escalation process, allowing us to contain and resolve issues efficiently. To guarantee business continuity, we adhere to SOC 2 control 32, which outlines our Business Continuity and Disaster Recovery framework.

Finally, as part of our Physical Security measures, DataSnipper’s infrastructure is hosted in Microsoft Azure, leveraging Microsoft's industry-leading security controls to safeguard data against physical, environmental, and infrastructure threats.

Product Security

At DataSnipper, security is embedded in every aspect of our product. From the way we develop and deploy our software to how we protect and store data, our security-first approach ensures that our customers can trust the integrity and confidentiality of their information.

Software Development & Secure Deployment

DataSnipper is built following a Secure Software Development Lifecycle (SDLC), where rigorous security measures are integrated at every stage of development. Our CI/CD pipelines include automated security checks, ensuring that vulnerabilities are identified and mitigated before deployment.

To maintain data integrity and prevent unauthorized access, we enforce strict environment segregation, ensuring that development, testing, and production environments remain completely separate. Additionally, our Change Management policies outline a structured approach to software updates and modifications, ensuring that changes are reviewed, tested, and securely deployed.

To further enhance security, we adhere to defined security configuration standards for web servers and software, providing a robust defense against potential threats.

A high-level data flow diagram is available to provide insights into how DataSnipper processes data securely. Additionally, our Security Release Documentation provides transparency by detailing all security changes and updates in each software release.

Data Protection & Encryption

Protecting customer data is a top priority. We implement AES-256 encryption to safeguard data at rest and TLS 1.2 or higher to protect data in transit, ensuring that information remains secure throughout its lifecycle.

Infrastructure & Network Security

DataSnipper’s infrastructure is hosted on Microsoft Azure, leveraging Azure’s industry-leading audited security controls for environmental and infrastructure protection. Our platform follows strict application and network security standards, ensuring that systems are configured securely to prevent unauthorized access.

To guarantee business continuity, our Backup & Disaster Recovery protocols include regular monitoring and testing of backup procedures. This ensures that critical data can be restored in case of any unexpected event.

Our Firewall continuously monitors network activity, identifying and mitigating potential security threats. We also implement network segmentation, logically separating environments to minimize risks and reduce attack surfaces.

For remote access, we enforce secure VPN policies, ensuring that only authorized users can connect to our systems through encrypted connections. By combining these measures, DataSnipper ensures a highly secure and resilient environment for all users.

Artificial Intelligence (AI) & Security

At DataSnipper, we integrate Artificial Intelligence (AI) technologies to enhance automation and efficiency while maintaining the highest standards of security, compliance, and transparency. Our AI solutions are designed to ensure that customer data remains protected, encrypted, and never used for model training.

AI Overview

DataSnipper AI consists of two integrated features: DocuMine and Advanced Document Extraction (ADE).

  • DocuMine is a pre-trained Large Language Model (LLM) local instance designed to process natural language queries without learning from user inputs.
  • Advanced Document Extraction (ADE) is an Optical Character Recognition (OCR) engine that extracts and processes information from documents while maintaining data security.
  • UpLink is an AI-powered platform for efficiently and securely requesting client documentation (PBC) that automates document requests via engagement templates and routes queries to a secure external LLM provider with zero data retention. For more details, see this page.

Both features, DocuMine and Advanced Document Extraction (ADE), rely on pre-trained models only. DataSnipper does not fine-tune or train any AI on customer data.

For a detailed explanation of how UpLink’s AI works, please visit this page.


Data Protection & Security Measures

DataSnipper applies AES-256 encryption to protect data in transit and at rest. AI-related customer data is processed only to generate outputs and is deleted after a short retention period:

  • DocuMine stores input temporarily (up to 24 hours) to ensure performance and stability. It may collect non-identifiable metadata (e.g. document type, query type) for system optimization.
  • Advanced Document Extraction (ADE) deletes all processed documents within 24 hours.
  • Session management ensures data isolation between users.

All AI subprocessors are subject to our vendor risk management program, aligned with SOC 2 controls.


Compliance & Regulatory Considerations

DataSnipper AI complies with industry security standards and relevant legislation, including:

  • SOC 2 – For security, availability, and confidentiality standards.
  • GDPR – Ensuring alignment with EU data protection regulations.
  • AI Act – Complying with evolving AI regulatory requirements.

To reinforce compliance, DataSnipper has implemented security controls to ensure the responsible use of AI and the protection of customer data. These controls include regular reviews to confirm that user inputs are not utilized for AI training and that access to AI-related systems remains restricted to authorized personnel.


Accuracy and Traceability

As with any AI system, responses may occasionally be incomplete or inaccurate. AI-generated content is provided “as is”, without warranties, and is excluded from indemnities under our standard terms.

To maintain transparency and trust, features like DocuMine provide traceable output: every AI response is linked to its source document, so users can verify exactly where the information comes from.


Legal Considerations

All input and output generated through AI features are considered Customer Data and remain fully owned by the customer. The AI features must not be used to process:

  • Sensitive personal data (as defined under applicable privacy laws)
  • Personal data of children under the age of 13
  • Content that violates applicable law
  • Data intended to train competing AI models

DataSnipper reserves the right to suspend access to AI functionality in cases of policy breach, legal non-compliance, or risk to platform security.

Compliance

At DataSnipper, we are committed to maintaining the highest standards of security and compliance. Our policies, audits, and regulatory frameworks ensure that we meet industry requirements while continuously improving our security posture.

Audits

To demonstrate our commitment to security, DataSnipper is SOC 2 Type II compliant, meaning our systems and processes meet the stringent security, availability, and confidentiality requirements outlined in the SOC 2 framework. This compliance is reinforced through regular independent security audits, ensuring that our controls remain effective and up to date.

Regulatory & Policy Compliance

Our compliance efforts extend beyond certifications, as we align our policies with legislative and regulatory requirements relevant to data security and privacy. We maintain a structured framework for internal compliance and ethics, ensuring that our cybersecurity, legal, and contractual obligations are documented and adhered to across the organization.

Recognizing the importance of third-party and supply chain security, we implement strict vendor management policies to assess and mitigate risks associated with external service providers and partners. Additionally, our records retention and data compliance policies define how we securely store, manage, and dispose of data in accordance with legal and regulatory obligations.

We uphold strong ethical standards through policies on fraud prevention, bribery, and corporate conduct, ensuring that integrity remains central to our business operations.

By adhering to these compliance measures, DataSnipper ensures that our customers can trust our platform to operate securely, transparently, and in alignment with industry best practices.

Privacy

At DataSnipper, we prioritize the protection of your data by implementing strong security measures, transparent policies, and strict compliance frameworks to ensure your information is handled responsibly.

Data Handling

We have implemented robust safeguards to protect against unauthorized access, ensuring that your data remains secure at all times. Our data retention policy follows the principle of minimal data retention, meaning we only store data for as long as necessary to fulfill its intended purpose.

Transparency is a core value in how we manage data. We maintain clear policies on how personal information is collected, processed, and stored. For detailed information on our data handling practices, please refer to our Privacy Policy.

Privacy Compliance

DataSnipper aligns with GDPR and other privacy regulations, ensuring compliance with international data protection laws. DataSnipper Inc complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and is listed on the Data Privacy Framework List. Our platform is designed to handle personally identifiable information (PII) and sensitive data securely, following strict policies to safeguard client information.

In the event of a privacy-related security issue, we have an Incident Management process in place to detect, report, and respond to breaches in a structured and timely manner. We enforce strict security controls to protect data integrity and confidentiality.

For details on what data we collect and how we process it, please refer to our Privacy Policy.

Available Documents

A comprehensive list of publicly available and confidential documents covering legal terms, data privacy, security practices, and audit reports:

  • Terms and Conditions (public)
  • Privacy Policy (public)
  • Data Processing Agreement (public)
  • SIG Questionnaire (confidential)
  • Security Release Documentation (confidential)
  • Data Flow Diagram (confidential)
  • SOC 2 Report (confidential)
  • Penetration Test Reports (confidential)

Contact & Support

For any security, compliance, or privacy-related inquiries, our team is available to assist you.