Deepdesk Security and Compliance

Overview

Below is a high-level description of our security, compliance, and privacy standards.

To monitor the real-time status of our cloud infrastructure, endpoints, corporate procedures, enterprise risk, and employee accounts, visit https://trust.deepdesk.com/.


Security

We use Google Cloud to support the deployment and management of our technology. You can read more about Google Cloud's security principles here: https://cloud.google.com/security/transparency. We also perform yearly penetration tests with trusted partners. The last pentest was performed in June 2022 by Fox-IT, a global cybersecurity expert and part of the NCC Group.

Compliance

Deepdesk is currently fully GDPR compliant and will be ISO 27001 compliant by the end of 2022. By default, we do not employ or share any algorithmic data with other AI services. No data is ever shared between tenants, and we do not use data without permission for generic models.

Privacy

To meet compliance and privacy needs, we offer an extensive PII filter to anonymize customer data, which performs at recognition rates in line with leading industry standards. We employ state-of-the-art transformer-based NER (named entity recognition) models such as Flair, as well as rule-based filtering. Our infrastructure also falls within Google Cloud's privacy principles, which you can read about here: https://cloud.google.com/privacy/common-privacy-principles.

Cloud and Dedicated Environments


Dedicated Environment

Deepdesk uses Google Cloud in Europe for hosting and serving our services and for data storage. We do not employ or share any algorithmic data with other AI services. No data is shared between tenants, and we do not use data without permission for generic models. By default, we serve from the Google Cloud platform in Europe. As such, Deepdesk inherits the control environment that Google Cloud maintains and demonstrates via its ISO 27001 certification by EY.

Flexible Architecture

Our architecture enables ML models per brand, per channel, or per organization. This means our tenants are able to configure Deepdesk on a global scale, with deployments per country, language, brand, or channel (such as chat, messaging, or voice), and manage this in one place with our Studio.

Enhanced Security

For large enterprise customers who need an extra level of security and data isolation to meet their specific compliance and regulatory needs, we offer a dedicated environment. This environment and its resources are completely dedicated and customized to your implementation needs. Each instance contains its own load balancers, public IP addresses, databases, VPC networks, VPN server, and Kubernetes cluster.

Data and storage


Environment

As previously mentioned, we serve from the Google Cloud platform in Europe. We provide a multi-tenanted, cloud-based SaaS solution. The architecture provides isolated tenant environments, with strict data and network segregation per tenant.

Full data access controls

We encrypt all data at rest and in transit. For an additional layer of security, we can employ CMEK (Customer-Managed Encryption Keys) on request. This ensures that you have full cryptographic control over who can access your data.

Location policies

Using data and resource location policies, we can ensure that the creation of resources is limited to a region you define, and that your data never leaves the specified region. The default region in the Netherlands is ‘europe-west4’ (Eemshaven, Groningen), but any region supported by Google Cloud can be used.

Security policies


Role and Access Model

We work with the roles and rights infrastructure of Google Workspace for logical access control, access control to data, data entry control, appropriation control, retention, and deletion of data. We use the integral functionality of the Enterprise Security Command Center, including threat and intrusion detection and logging.

Compliance Monitoring

The integrated Security Command Center allows for continuous compliance monitoring, access control monitoring, audit logs, and real-time notifications and remediation across the Deepdesk platform. Compliance monitoring enables real-time reporting to help ensure all our resources meet their compliance requirements, with PCI-DSS compliance monitoring, CIS compliance monitoring, and Security Health Analytics according to ISO 27001.

Logging and auditing

All cloud components have mandatory audit logging enabled. This is enforced at the organization level and cannot be turned off. Audit logs cannot be deleted and/or changed. We use Security Command Center to alert us on any sensitive permission changes and/or security issues. All Deepdesk components produce detailed logging to track errors and provide insight into application performance.

Have more questions?

Contact us to review additional security and compliance documentation by filling out the form below, or call us at +31202441750.

You can find us here:

Deepdesk B.V.
Herengracht 420
1017 BZ Amsterdam
The Netherlands