Skip to main content
Geta.ai

Security

Your data's protection is our top priority.

Certifications & Compliance

SOC 2 Type II

Annual third-party audit of our security, availability, and confidentiality controls

ISO 27001

Certified information security management system

GDPR Ready

Data processing agreements, consent management, and right-to-erasure workflows built in

Infrastructure Security

  • Hosted on AWS with multi-region redundancy
  • TLS 1.2+ encryption in transit; AES-256 encryption at rest
  • VPC isolation with private subnets for all data stores
  • Regular automated backups with point-in-time recovery
  • DDoS protection via AWS Shield

Application Security

  • Annual penetration testing by a third-party security firm
  • OWASP Top 10 vulnerability assessments
  • Dependency scanning and automated SAST/DAST in CI/CD pipeline
  • Role-based access control (RBAC) with least-privilege enforcement
  • Multi-factor authentication (MFA) for all internal systems

Data Privacy

We do not sell, rent, or share customer data with third parties for marketing purposes.

Customer contact data is logically isolated per tenant.

Data residency options available for Enterprise customers (India, EU, US).

Retention policies configurable per account.

Incident Response

24/7 security monitoring with automated alerting.

Documented incident response playbooks.

Customer notification within 72 hours of any confirmed breach affecting their data (GDPR-aligned).

Responsible Disclosure

If you discover a security vulnerability, please report it to security@geta.ai. We will acknowledge within 24 hours and keep you informed as we investigate.

Contact

For security questions: security@geta.ai