Security & Trust
Built for Compliance-Grade Document Processing
Docy AI is designed for regulated workflows where auditability, consistency, and controlled evidence handling are not optional — they are operational requirements.
- AWS-hosted infrastructure for secure processing and storage
- Encryption in transit and at rest
- Role-based access control (RBAC) and workspace permissions
- Audit logs and traceability for regulated workflows
- Human-in-the-loop exception handling for compliance decisions
Hosting & Infrastructure
Docy AI is hosted on Amazon Web Services (AWS), providing enterprise-grade reliability, security, and scalability for document processing and storage.
- Secure document processing and encrypted storage on AWS
- Operational monitoring, alerting, and reliability practices
- Controlled access to production systems with least-privilege defaults
- High-level architecture summary available in our Security Pack
Authentication & Access Control
Docy AI supports multiple authentication methods and granular permission controls, ensuring that every user only has access to the resources they need.
- Email + password login and Google sign-in supported
- Granular workspace and project-level permissions
- Controls for evidence uploading, agent execution, and output export
- User and workspace administration with role assignment
Encryption & Data Protection
All data is encrypted both in transit and at rest. Evidence files, extracted data, and workflow outputs are protected throughout the entire processing lifecycle.
- TLS encryption for all data in transit between browser and Docy AI
- AES-256 encryption at rest via AWS storage mechanisms
- Secure evidence handling throughout workflow execution
- No unencrypted data exposure at any stage of processing
Audit Logs & Traceability
Every action in Docy AI is logged and traceable. For regulated operations, this means complete case-level visibility from document upload through to final decision.
- Case-level traceability: upload timestamps, processing events, check execution
- Decision trail: auto-cleared vs flagged cases with documented reasons
- Versioned workflows: rule and checklist change tracking with effective dates
- Exportable evidence packages for reviewer and regulator reporting
AI Safety for Regulated Workflows
Docy AI is workflow-driven, not a generic chatbot. Every AI operation is structured, validated, and subject to human oversight where configured — ensuring safe, consistent outputs in regulated contexts.
- Structured extraction with validation and cross-checks across evidence sets
- Exception routing to human reviewers for edge cases and anomalies
- Configurable human approval gates for high-impact decisions
- Ongoing quality controls through sampling and evaluation
Data Privacy & Ownership
You retain full ownership of your data. Docy AI processes data exclusively for your configured workflows and does not use client data for model training.
- Client data ownership retained at all times
- Purpose limitation: data used only for configured workflows
- Retention and deletion controls aligned to your governance policies
- Subprocessor transparency and Data Processing Addendum (DPA) available
Incident Response
Docy AI maintains an incident response process to contain, investigate, and remediate security events. Impacted parties are notified as required by applicable regulations.
- Rapid containment and risk assessment
- Root cause investigation and documented analysis
- Notification of impacted parties as required by law
- Remediation and recurrence prevention measures
Procurement Ready
Security Pack
Need to complete a vendor assessment or security review? Our Security Pack provides the documentation your procurement and InfoSec teams require.
Included Documents
- Security overview document (PDF)
- High-level architecture summary (AWS-hosted)
- Subprocessor list
- Data Processing Addendum (DPA)
- Security questionnaire support
- Incident response overview