Security & Compliance

How we handle your data

Enterprise platforms. No data retention. DPAs available.

Your data during workshops

Your data stays yours. We never retain client data beyond workshop sessions.
Anonymization by default. Real examples use anonymized or synthetic data unless you choose otherwise.
No uploads without consent. We demonstrate techniques. You decide what to input.
Enterprise platforms only. ChatGPT Enterprise, Claude Enterprise, Gemini Enterprise—all with data processing agreements. Your data isn't used for model training.

Request DPA →

Standards We Align With

GDPR

Article 5: Data minimization in exercises
Article 17: Materials deleted on request
Article 22: Human-in-the-loop requirements covered
EU data residency available

EU AI Act

Risk classification frameworks
Transparency obligations
Human oversight requirements
Documentation practices

ISO 42001

Methodology aligned with AI management principles
Audit-ready documentation
Governance frameworks in 2-day programs

OWASP LLM Top 10

Prompt injection awareness
Data leakage prevention
All vulnerabilities covered

SOX (Finance)

Section 302/404: AI outputs require human verification
Internal controls integration
Audit trail recommendations

Before Engagement

What we'll ask for and what you'll get

What we'll ask for

Data handling preferences
Compliance requirements (HIPAA, SOX, PCI-DSS)
Approved AI tools list
NDA execution

What we'll provide

Standard NDA template (or sign yours)
Data Processing Addendum
Security questionnaire responses
Certificate of Insurance
Pre-filled compliance documentation

Common Questions

Will our data be used to train AI models?

No. Enterprise tiers exclude customer data from training. DPAs confirm this.

Do you have SOC 2 certification?

Not yet. We're a three-person team following SOC 2-aligned practices. Security questionnaire responses available.

Where is workshop data processed?

Your choice. ChatGPT Enterprise offers EU residency. Claude Enterprise uses EU infrastructure.

Can you sign a BAA for HIPAA compliance?

We don't work with PHI directly. For healthcare, we train using anonymized scenarios.

Need specific compliance documentation?

We're happy to provide security questionnaire responses, DPAs, NDAs, or any other documentation your procurement team requires.

Request Compliance Documents →

hello@excetra.ai

Your data during workshops

Your data stays yours. We never retain client data beyond workshop sessions.

Anonymization by default. Real examples use anonymized or synthetic data unless you choose otherwise.

No uploads without consent. We demonstrate techniques. You decide what to input.

Enterprise platforms only. ChatGPT Enterprise, Claude Enterprise, Gemini Enterprise—all with data processing agreements. Your data isn't used for model training.