Skip to main content
All CollectionsData Privacy & Security
Cassidy data & security policy
Cassidy data & security policy

Cassidy's data and security policy.

Jake Rosenthal avatar
Written by Jake Rosenthal
Updated over 4 months ago

At Cassidy, the security and protection of data are paramount. Our comprehensive approach ensures the safeguarding of all data, upholding both confidentiality and integrity.

For a comprehensive overview of all security aspects in our product, visit: https://trust.cassidyai.com/

Quick Overview:

  • No Model Training with User Data: At Cassidy, we guarantee that user data is not used for model training purposes.

  • Enterprise-Level Data Security: We employ advanced encryption protocols, ensuring top-tier security for data both in transit and at rest.

  • Compliance with CCPA and CASA Certification: Cassidy adheres to CCPA regulations and has achieved CASA certification, reflecting our commitment to secure API integrations and user privacy.

  • Advanced Infrastructure Security: Our security infrastructure includes row-level security and granular access control, protecting against unauthorized access.

  • SOC 2 Type II Compliance: Cassidy has achieved SOC 2 Type II compliance, reflecting our adherence to industry best practices in data security, availability, processing integrity, confidentiality, and privacy.

For further details, please review the comprehensive policy below.


Secure Data Storage and Advanced Encryption

All knowledge base data, chats, and other pertinent information are securely stored in our encrypted database on Amazon Web Services (AWS). We utilize advanced encryption methods, including TLS for data in transit and AES-256 for data at rest, ensuring robust data security.

Cassidy Chrome Plugin: A Secure Extension

The Cassidy Chrome Plugin mirrors our web application, offering a secure interface for data management. All data accessed and utilized via the Chrome Plugin is stored securely in our primary database.

Collaboration with OpenAI and Data Privacy

We process user queries in collaboration with OpenAI, adhering to stringent data privacy and security standards. Minimal, relevant data is securely transmitted to the OpenAI API without being used for future model training or retained on their servers. For detailed information on OpenAI's data policies, visit: [OpenAI API Data Usage Policies](https://openai.com/policies/api-data-usage-policies).

Compliance with CCPA Regulations

Cassidy rigorously adheres to the key principles of the California Consumer Privacy Act (CCPA), including the rights to know, delete, and opt-out, alongside non-discrimination and fulfillment of business obligations. These practices ensure that we respect and uphold the privacy rights of California consumers in compliance with CCPA regulations.

CASA Certification and Secure API Integration

Cassidy has achieved CASA certification, essential for security compliance in API integrations, including the Google Drive API. This certification underscores our compliance with critical security standards, vital for the secure integration of various APIs.

Infrastructure Security: Row-Level Security and Access Control

At the infrastructure layer, Cassidy implements row-level security, necessitating specific authentication methods for database access. Our access control is meticulously granulated, with distinct separation at both organization and individual user levels, bolstering security against unauthorized access.

SOC 2 Type II Certification

We are proud to announce that Cassidy has achieved SOC 2 Type II compliance, a testament to our unwavering commitment to the highest standards of security and trust. This certification demonstrates our dedication to maintaining a secure and trustworthy data environment, as validated by an independent third-party audit.

Contact for Inquiries

For further inquiries or clarifications regarding our data and security policies, please contact Garrett Wilson at support@cassidyai.com. We are committed to offering transparent and prompt support to all our users.

Did this answer your question?