This document describes our current and future approach to handling data security and privacy.
SAFA does not train on your data.
We are currently in the process of getting the SOC II Type 2 Certification for our application.
While we do not yet have the certification, our entire system uses HTTPS for secure transfer of data between our front-end web app, back-end server, and data generation server.
We have initial features around access control for data, allowing you to set who on a given project can edit or view its data. We will be building out more fine grained access control to match the functionality of the systems that we integrate with, such as specific provisions on what segments of data an individual can see and edit.
You can view our trust report and current progress on Vanta:
SAFA Trust Report
Access control is initially implemented as defining what users within an organization need access to view or edit data on a per-project basis.
We are currently implementing more fine grained access control permissions for all individuals within an organization, allowing specific control over what users have visibility and other access privileges on specific processes.
We do not currently have SSO or MFA implemented within our system, but do have plans to do so to have more secure control over what users have access to data within SAFA.
Once implemented, MFA will be enabled for all users and will be updated regularly. In the event of a breach, MFA will be used to protect access to data.