PolyAI meets international standards for data security and privacy. Our voice agents comply with governmental and industry frameworks.
Below is an overview of the certifications and standards we adhere to and how they support our clients’ compliance programs.
Certifications and standards
ISO27001
We are certified for ISO/IEC 27001, the international standard for information security management systems (ISMS).
SOC 2 Type II
PolyAI has achieved SOC 2 Type II compliance, covering data security, availability, processing integrity, confidentiality, and privacy.
HIPAA
Where relevant, our systems are designed to meet HIPAA (Health Insurance Portability and Accountability Act) requirements. Protected health information (PHI) is handled securely.
- Learn more about HIPAA.
- Learn about AWS S3 for long-term storage.
PCI-DSS
Where relevant, PolyAI is committed to complying with the PCI-DSS (Payment Card Industry Data Security Standard) for payment card data.
Cyber Essentials & Cyber Essentials Plus
We are certified under the UK NCSC (National Cyber Security Center) Cyber Essentials and Cyber Essentials Plus frameworks, which protect against a wide variety of cyber threats.
GDPR
PolyAI complies with the General Data Protection Regulation (GDPR) to protect personal data and the privacy of individuals in the European Union. This includes:
-
Transparent data processing practices.
-
Secure handling of personal and sensitive information.
-
Measures to prevent data breaches.
-
Providing individuals with control over their personal data, including access and deletion requests.
-
Learn more about GDPR.
Last modified on April 20, 2026
