Security & Trust

Docy AI is built for compliance-grade document processing—where auditability, consistency, and controlled evidence handling matter. Our platform is hosted on AWS, supports Email/Password + Google sign-in, and is designed to help teams deploy AI into regulated workflows with confidence. docyai.com

Key Security Features

• AWS-hosted infrastructure for secure processing and storage

• Encryption in transit and at rest

• Role-based access control (RBAC) and workspace permissions

• Audit logs and traceability for regulated workflows

• Human-in-the-loop exception handling for compliance decisions

1. Overview

Docy AI is designed for workflows where “what happened” must be explainable—especially in energy compliance, finance, accounting, and audit-heavy operations. We focus on:

• Least privilege access by default

• Traceability across cases, evidence, and outputs

• Exception-first processing with human review gates

• Controlled sharing within workspaces/projects

2. Hosting & Infrastructure (AWS)

Docy AI is hosted on Amazon Web Services (AWS). Our infrastructure is designed to support:

• Secure environments for document processing and storage

• Operational monitoring and reliability practices

• Controlled access to production systems

If your team needs it, we can provide a high-level architecture summary in the Security Pack.

3. Authentication & Access Control

Docy AI supports:

• Email + password login

• Google sign-in

Access inside Docy AI is governed by permissions so you can control who can:

• upload evidence

• run agents

• review exceptions

• export outputs

• administer users/workspaces

4. Encryption & Data Protection

Docy AI protects data through standard security controls, including:

• Encryption in transit (secure transport between your browser/systems and Docy AI)

• Encryption at rest (encrypted storage supported by AWS mechanisms)

• Secure handling of uploaded evidence throughout workflow execution

5. Audit Logs & Traceability

For regulated operations, auditability is not optional. Docy AI is designed to support:

• Case-level traceability (who uploaded what, when processing occurred, what checks ran)

• Decision trail (auto-cleared vs flagged cases, with reasons)

• Versioned workflows (track changes to rules/checklists over time)

• Exportable evidence (where enabled) for reviewer/regulator reporting

6. AI Safety for Regulated Workflows

Docy AI is workflow-driven (not a generic chatbot). Safety and consistency are supported by:

• Structured extraction where possible (reduces ambiguity)

• Validation & cross-checks across evidence sets

• Exception routing to reviewers for edge cases

• Human approval gates for high-impact actions (e.g., final submissions/approvals)

• Ongoing quality controls (sampling/evaluation, where configured)

7. Data Privacy & Ownership

• You own your data. Your documents and outputs remain your property.

• Purpose limitation. Data is used to deliver the workflows you configure.

• Retention controls. Retention and deletion can align to your internal policy and regulatory requirements.

• Subprocessors transparency. We can provide a subprocessor list in the Security Pack (if applicable).

Need a DPA? Request our Data Processing Addendum.

8. Incident Response

If a security incident is suspected or confirmed, Docy AI follows an incident response process to:

• contain risk

• investigate root cause

• notify impacted parties as required

• remediate and prevent recurrence

Security contact: Team@docyai.com

9. Security Pack (Procurement Ready)

For vendor onboarding and procurement, we can provide:

• Security overview (PDF)

• High-level architecture summary (AWS-hosted)

• Subprocessors list (if applicable)

• DPA (Data Processing Addendum)

• Security questionnaire support (upon request)

• Incident response overview