Trust Center

Welcome to DocuChat's Trust Center. Here we share our compliance documentation, security measures, and privacy practices. We believe in transparency and want to give you full confidence in how we protect your data.

Compliance

ISO 27001:2022

Policies & Procedures

Information Security Roles and Responsibilities
Software Development Lifecycle Policy
Business Continuity Plan
Operations Security Policy
Data Management Policy

Controls

We implement a range of controls to protect your data and ensure the highest level of security. These include the following:

Security Policies and Organization

Implemented comprehensive information security policies and procedures
Established clear security roles and responsibilities across the organization
Enforced segregation of duties for critical systems
Maintained active contact with security authorities and groups
Integrated security requirements into all project management

Asset and Access Management

Maintained up-to-date inventory of all information assets
Enforced role-based access control across all systems
Implemented secure password policies and password manager
Conducted quarterly access rights reviews
Enforced multi-factor authentication across all services
Protected source code access with additional security controls
Applied data classification and handling procedures
Implemented secure media disposal processes

Technical Security

Enforced encryption for data at rest and in transit
Implemented centralized key management system
Established automated backup procedures with encryption
Implemented comprehensive logging and monitoring
Conducted regular vulnerability assessments
Enforced network segmentation and security controls
Maintained secure communication protocols

Systems Development and Operations

Implemented secure development lifecycle process
Enforced change management procedures for all systems
Maintained separate development and production environments
Implemented automated CI/CD security checks
Monitored system capacity and performance

Vendor Management and Business Continuity

Implemented supplier security requirements in contracts
Monitored supplier service levels and security compliance
Maintained business continuity and disaster recovery plans
Conducted regular disaster recovery testing
Established incident response procedures

Compliance and Risk Management

Conducted regular risk assessments and treatment
Maintained compliance with applicable regulations
Implemented privacy and data protection controls
Maintained security metrics and reporting
Documented all security exceptions and risks
Implemented physical security controls

Subprocessors

For US-based providers, we ensure GDPR compliance for all data transfers by using EU-based servers or implementing Standard Contractual Clauses (SCCs).
Provider        | Location                               | Service
AWS Europe      | Luxembourg (Data Hosted in Frankfurt)  | Infrastructure & AI Provider
Brevo           | France                                 | Email Service Provider
Cohere          | United States (SCCs in Place)          | AI Model Provider
Crisp           | France                                 | Customer Support Services
Lemon Squeezy   | United States (SCCs in Place)          | Payment Processor
Mistral         | France                                 | AI Model Provider
OpenAI          | United States (SCCs in Place)          | AI Model Provider
PostHog         | United States (Data Hosted in EU)      | Product Analytics
Sentry          | United States (Data Hosted in EU)      | Observability Services