DONNA

Security & Compliance

Security, governance, and auditability built for real operations

Security Features

End-to-End Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

SOC 2 Type II

Independently audited and certified for security, availability, and confidentiality.

Privacy First

We never train AI models on your data. Your information stays yours.

GDPR Compliant

Full compliance with GDPR, CCPA, and other privacy regulations.

Data Residency

Choose where your data is stored with regional data centers.

Incident Response

24/7 security monitoring with rapid incident response protocols.

Data Protection

Encryption

  • In Transit
    TLS 1.3 encryption for all data transmission
  • At Rest
    AES-256 encryption for stored data
  • Key Management
    AWS KMS for secure key storage and rotation

Access Control

  • Role-Based Access
    Granular permissions for team members
  • Multi-Factor Auth
    Required for all user accounts
  • SSO Integration
    SAML 2.0 for enterprise authentication

Compliance Standards

SOC 2 Type II
GDPR
CCPA
HIPAA (Healthcare)
PCI DSS (Payments)
ISO 27001
FERPA (Education)
GLBA (Financial)

Privacy Commitment

No Training on Your Data: We never use your business data, conversations, or documents to train our AI models.

Data Ownership: You own your data. You can export or delete it at any time.

Transparency: Clear documentation of how we collect, use, and protect your information.

Right to be Forgotten: Full GDPR compliance including data deletion requests.