Circleback is SOC2 Type II and EU-U.S. Data Privacy Framework-certified and uses industry-leading practices to handle customer data, including encrypting data at-rest and in-transit.

Additionally, we do not use customer data to train models. Our security portal at security.circleback.ai has more information, including a report of an external pentest done on our infrastructure.

Circleback is also HIPAA-compliant and can sign BAAs with enterprise customers.