Trust & security

Your data is yours. We treat it that way.

Seventh Sense was built by a team that's spent careers handling sensitive data. SOC 2 Type II audited, GDPR and CCPA compliant, and operationally serious about the rest. Everything we do, documented below.

✓

SOC 2 Type II

Audited annually

⚖

GDPR

DPA available

★

CCPA

California compliant

🔒

Encrypted

In transit & at rest

Security

How we protect your data.

Seventh Sense was designed from the start to handle marketing data at enterprise scale - which means treating your engagement history, contact records, and AI model inputs like the strategic assets they are.

SOC 2 Type II audited

Annual independent audit covering security, availability, confidentiality, and processing integrity. Report available under NDA on request.

Encryption in transit & at rest

TLS 1.2+ for everything in transit. AES-256 for everything stored. No exceptions, no degraded modes, no legacy protocols.

Principle of least privilege

Role-based access control with break-glass logging. No engineer routinely has access to customer data. All admin actions audited and reviewable.

Tested infrastructure

Hosted on AWS with hardened VPC architecture, automated patching, and continuous vulnerability scanning. Third-party penetration tests run annually.

24/7 monitoring & incident response

Production monitoring, anomaly detection, and an on-call rotation. Documented incident response plan with customer notification SLAs.

Your data is your data

We do not sell, share, or train cross-customer models on your data without explicit opt-in. Each customer's AI is trained on their own program. Period.

Need our full Information Security Overview, SOC 2 report, or a custom security review? Get in touch.

Privacy

What we collect, why, and your rights.

Our privacy notice explains what we collect from website visitors, customers, and partners, why we collect it, how it's used, and what rights you have to access, correct, or delete it. We err on the side of collecting less, and we don't sell personal data - ever.

Privacy Notice

What we collect, how we use it, your rights, and how to contact us

→

Legal

The contracts, in plain documents.

Our terms of service, GDPR Data Processing Addendum, and the current list of sub-processors we rely on to deliver Seventh Sense. All publicly available. All up to date.

The agreement that governs use of Seventh Sense

→

GDPR Data Processing Addendum (DPA)

Our standard DPA - countersigned copies available on request

→

List of sub-processors

Every third-party service we use to deliver Seventh Sense

→

Information Security Overview (PDF)

Full technical and operational security summary

→