PolyAI is committed to meeting global standards for data security and privacy and ensuring our voice assistants comply with global governmental and industry frameworks.

Below is an overview of the certifications and standards we adhere to and how they support our clients’ compliance programs.

Certifications and standards

ISO/IEC 27001

We are certified for ISO/IEC 27001, the international standard for information security management systems (ISMS).

SOC 2 Type II

PolyAI has achieved SOC 2 Type II compliance, ensuring robust controls for data security, availability, processing integrity, confidentiality, and privacy.


HIPAA

Where relevant, our systems are designed to meet HIPAA (Health Insurance Portability and Accountability Act) requirements, ensuring that protected health information (PHI) is handled securely.


PCI-DSS

Where relevant, PolyAI is committed to complying with the PCI-DSS (Payment Card Industry Data Security Standard) for payment card data.

Cyber Essentials & Cyber Essentials Plus

We are certified under the UK NCSC (National Cyber Security Centre) Cyber Essentials and Cyber Essentials Plus frameworks, a set of baseline technical controls that protect against the most common cyber threats.

GDPR

PolyAI complies with the General Data Protection Regulation (GDPR) to protect personal data and ensure privacy for individuals within the European Union. This includes:

  • Transparent data processing practices.

  • Secure handling of personal and sensitive information.

  • Robust measures to prevent data breaches.

  • Providing individuals with control over their personal data, including access and deletion requests.
