Trust Center

Security & Compliance

Enterprise-grade security is not an add-on — it is the foundation. NetCausal is built from the ground up to meet the requirements of regulated industries and critical infrastructure operators.

Data Protection

Your Data, Your Control

Encryption everywhere. No exceptions.

Encryption at Rest

All data encrypted with AES-256 using customer-managed or platform-managed keys. Key rotation enforced automatically.

Encryption in Transit

TLS 1.3 enforced on every connection. No downgrade negotiation. Certificate pinning available for API integrations.

Data Residency

Data never leaves your chosen region. Full control over storage locality for regulatory compliance.

Access Control

Least Privilege by Default

Fine-grained access control, enterprise SSO, and a complete audit trail.

Role-Based Access Control

Granular RBAC with predefined and custom roles. Least-privilege enforced by default across all platform resources.

Single Sign-On (SSO)

SAML 2.0 and OIDC support for enterprise identity providers. Okta, Azure AD, Google Workspace, and Ping Identity tested.

Audit Logging

Immutable audit trail for every action. Exportable to your SIEM. Retention configurable up to 7 years.

Infrastructure

Deployed in Your Cloud

AWS, Azure, or GCP — NetCausal runs inside your VPC. Your data never leaves your environment.

Customer Cloud Deployment

Deployed inside your VPC — AWS, Azure, or GCP. Your data never traverses our infrastructure.

Network Isolation

Private endpoints, VPC peering, and network policies ensure zero exposure to the public internet.

Infrastructure as Code

Terraform-based deployment. Every resource versioned, auditable, and reproducible.

Compliance

Frameworks We Support

Built to operate in regulated environments from day one.

SOC 2 Type II

In Progress

Trust service criteria audit underway with a top-tier auditor.

CIS Benchmarks

Supported

Hardened images aligned with CIS Level 1 and Level 2 benchmarks.

NIST 800-53

Supported

Controls mapped to NIST 800-53 Rev. 5 for federal and regulated workloads.

PCI-DSS

Supported

Architecture designed to operate within PCI-DSS scoped environments.

HIPAA

Supported

BAA-ready deployment option with PHI isolation and access controls.

AI Governance

Responsible AI, Built In

Trustworthy AI requires more than accuracy. It requires transparency, accountability, and respect for customer data.

No Training on Customer Data

Your data is never used to train, fine-tune, or improve our models. Full data isolation guaranteed.

Explainable Decisions

Every AI recommendation includes a causal reasoning chain. No black-box outputs in production workflows.

Responsible AI Practices

Bias testing, model versioning, and human-in-the-loop review built into every deployment pipeline.

Have Security Questions?

Our security team is available to discuss your requirements, provide documentation, and walk through our architecture.

Reach us directly at security@netcausal.ai
