Trust

Trust & Security

Much of our work involves sensitive information. This page is a plain-language overview of how we handle data, the AI services we rely on, and the coverage we carry. We are happy to share more detail on request.

How we handle your data

Confidentiality first

We treat client information, source code, and business data as confidential, and limit access on a need-to-know basis.

Least-privilege access

Access to systems and data is scoped to what a given piece of work requires, and removed when it is no longer needed.

Encryption in transit

Data moving between systems is encrypted using standard transport security.

Zero-retention AI tiers

Where available, we use AI services configured so that prompts, outputs, and source code are not retained by the vendor or used to train models.

Careful secrets handling

Credentials and API keys are kept out of source control and managed through dedicated secret stores.

Subprocessors

AI subprocessors

Some of the services we use process information using AI, where AI is a primary function of the service. We keep a current list of those subprocessors, including what each one is used for and how data is handled.

View the subprocessor list →

Insurance

Coverage we carry

We maintain cyber liability and technology professional liability (errors & omissions) insurance covering our work. A certificate of insurance is available to clients on request.

Questions

Talk to us

For security questions, documentation, or to report a concern, reach us at hello@generativelabs.com.