Your data's privacy, security, and compliance aren't just commitments; they're built into Sumday from day one. With proactive safeguards, transparent processes and full user control, we ensure your data stays protected, always.
Built with best-in-class security practices, Sumday adheres to key industry regulations and security standards.
Sumday's software has undergone a Service Organization Controls audit (SOC 2 Type II).
Committed to compliance with Europe's General Data Protection Regulation (GDPR) and UK GDPR requirements.
Independently certified against international security management standards.
Regular third-party security assessments following industry best practices and methodologies.
Secure payment processing via Stripe, certified as a PCI Level 1 Service Provider.
Robust identity management with multiple authentication methods and login restrictions.
Authenticate into Sumday using enterprise identity providers or email authentication.
Integration with major identity providers including Azure AD, Okta, and Google.
Automated user provisioning and deprovisioning through your identity provider.
Role-based permissions to restrict access to sensitive functions.
Additional security layer required for all user accounts.
Employing advanced encryption and secure backup strategies, Sumday ensures your data remains protected.
All data and backups secured with AES-256 encryption.
TLS 1.2 encryption for all data in transit between browser and server.
A+ rated SSL configuration with HSTS enabled through Azure.
Weekly backups retained for one month. Monthly backups retained for one year. Yearly backups retained for two years. Point-in-time recovery available for 7 days.
We take data and security very seriously.
Yes, we maintain ISO 27001, SOC 2 Type II, and GDPR. We will complete your IT team's security process to confirm this. Sumday has never failed this process for our enterprise and government clients.
Sumday is hosted on Microsoft Azure in ISO 27001 / SSAE 18 compliant data centres; production servers are in Australia. Physical security is deferred to Azure.
No. The data you submit and the responses you receive through Sumday and our AI tools are used only to serve your organisation. They are not used to train models across customers or shared between customers.
No, we never use your data to train any models.
We use a diverse range of LLMs, including OpenAI's GPT series, Anthropic's Claude series, and Google's Gemini series, to deliver the best outcomes for customers. The LLM providers we use do not retain your inputs and outputs, or use them to improve their services.
No, none of the LLM providers store your data or the responses you receive.
We value transparency and clarity when it comes to data and security. Ask any questions you have, any time.