You're trusting us with sensitive financial documents. Here's how we protect them.
Draco AI runs on Google Cloud Platform (GCP), leveraging Google's world-class infrastructure security. GCP data centers maintain rigorous physical security controls and are certified for ISO 27001, SOC 1/2/3, and PCI DSS compliance.
Our application infrastructure is designed with security in mind—isolated environments, least-privilege access controls, and continuous monitoring.
Encrypted at Rest: All documents and data stored in our systems are encrypted using AES-256, the same encryption standard used by banks and government agencies. Encryption keys are managed through Google Cloud's Key Management Service.
Encrypted in Transit: All data transmitted to and from Draco AI is protected using TLS 1.3. This ensures that your documents can't be intercepted or tampered with during upload or download.
Document Processing: When you upload a document, it's processed by our extraction and analysis systems, then stored securely in your account. Documents are never shared between customers or accessible to other users.
Data Retention: You control your data. Documents and analysis results are retained in your account until you delete them. Upon account termination, all associated data is permanently deleted within 30 days.
Access Controls: Access to production systems is restricted to essential personnel only, protected by multi-factor authentication, and logged for audit purposes.
We do not use your documents to train our AI models. Your financial data is processed solely to provide you with analysis and insights—never shared, sold, or used for any other purpose.
This is a core principle, not a policy we might change later. Your data is yours.
If you have security questions or need additional documentation for your vendor review process, reach out to us at [email protected]
