Security & compliance

SundayPyjamas ships production AI for teams that cannot treat security as an afterthought. This page summarizes how we think about isolation, access, evidence, and regulated workloads. For questionnaires, pen-test summaries, and DPA terms, contact us during pilot or enterprise procurement.

HIPAA & protected health information

Healthcare deployments require explicit architecture review, business associate agreements where applicable, and configuration aligned to your privacy program. We work with hospital and clinic networks under customer-led compliance oversight. HIPAA readiness is assessed per engagement, so ask for the current posture and roadmap for your use case rather than inferring it from a public checklist alone.

Workspace isolation

Customer workloads are segmented so your data, prompts, and retrieval corpora are not co-mingled with other tenants. Deployments can align to your cloud and network boundaries where architecture requires it.

Encryption & transport

Data in transit uses modern TLS. Credentials and integration secrets are handled as sensitive configuration and are not logged in application output. Details for your review pack are available under NDA during enterprise evaluation.

Access control (RBAC)

Role-aware surfaces and scoped API access let you separate operator, staff, and end-user capabilities. Administrative actions should be attributable to identities your organization controls.

Audit trails

Higher tiers include audit trail and data residency documentation suitable for security questionnaires. Enterprise engagements can align retention and export expectations with your compliance team.

Data residency

We deploy where your procurement and security teams require — AWS, Google Cloud, or Azure — with attention to region choice and data flow. Specific residency guarantees are documented in Scale and Enterprise agreements.

SOC 2 roadmap

We are executing toward SOC 2 Type II readiness as customer demand and contract volume justify the attestation cycle. Ask for our latest status and target timeline during sales or pilot onboarding.

Nothing on this page amends your agreement. For the authoritative terms, see Terms and Privacy.