Security & Compliance

Enterprise-Grade Security

Your data security is our top priority. We've built Thig.ai from the ground up with security and compliance at its core.

SOC 2 Type II

Certified compliance with rigorous security standards for service organizations

GDPR Compliant

Full compliance with EU General Data Protection Regulation

CCPA Compliant

Compliance with California Consumer Privacy Act requirements

ISO 27001

Information security management certification (in progress)

Security Features

Multiple layers of security to protect your data

Data Encryption

TLS 1.3

All data in transit is encrypted using the latest TLS 1.3 protocol

AES-256

Data at rest is encrypted with AES-256, the industry gold standard

Key Management

Encryption keys are managed through AWS KMS with automatic rotation

Access Control

Role-Based Access

Granular permissions based on organizational roles

SSO / SAML

Enterprise single sign-on with major identity providers

MFA

Multi-factor authentication available for all accounts

Infrastructure

AWS Hosting

Hosted on AWS with multi-region redundancy

DDoS Protection

Enterprise-grade DDoS mitigation through AWS Shield

WAF

Web Application Firewall protects against common attacks

Monitoring

24/7 Monitoring

Continuous monitoring of all systems and infrastructure

Audit Logs

Comprehensive audit trails for compliance and security review

Incident Response

Dedicated security team with documented response procedures

Your Data, Your Control

We believe you should have complete control over your data

Data Residency

Choose where your data is stored. We offer data residency options in US, EU, and APAC regions.

Data Deletion

Request complete deletion of your data at any time. We'll remove it from all systems within 30 days.

Data Portability

Export all your data in standard formats. You own your data, always.

Zero AI Training

Your data is never used to train AI models. Available as an option for all enterprise customers.

Security FAQ

How is my data encrypted?

All data is encrypted both in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed through AWS Key Management Service with automatic rotation.

Where is my data stored?

By default, data is stored in AWS US-East. Enterprise customers can choose data residency in EU (Frankfurt) or APAC (Singapore) regions.

Is my data used to train AI models?

Your content is processed by AI providers (OpenAI/Anthropic) to generate PRDs, but it's not used to train their models. Enterprise customers can opt for zero retention policies.

How do you handle security incidents?

We have a documented incident response plan. In the event of a security incident, affected customers are notified within 72 hours as required by GDPR.

Can I bring my own API keys?

Yes, Professional and Enterprise customers can use their own OpenAI or Anthropic API keys for complete data sovereignty.

Do you have a bug bounty program?

Yes, we run a responsible disclosure program. Security researchers can report vulnerabilities to security@thig.ai for review and potential reward.

Questions About Security?

Our security team is happy to answer questions or provide additional documentation.