Compliance

Controls aligned to global frameworks.

Dainin AI is committed to strong operational, security, and privacy practices. Our controls are designed to align with globally recognised compliance frameworks, giving you confidence in how your data is handled.

Overview

Compliance at a Glance

Standard                  Description                                                              Status
GDPR                      Designed to operate in accordance with GDPR principles                   Aligned
SOC 2                     Security controls aligned with SOC 2 Trust Services Criteria             Aligned
ISO/IEC 27001             Security practices aligned with ISO 27001 framework                      Aligned
Infrastructure Security   Built on enterprise cloud providers maintaining SOC and ISO certifications   Certified

Trust Services Criteria

SOC 2 Alignment

Our security controls are designed to align with the five SOC 2 Trust Services Criteria, providing a foundation for operational trust and accountability.

Security

Information and systems are protected against unauthorised access, disclosure, and damage through security controls.

Availability

Infrastructure and systems are available for operation and use as committed or agreed.

Processing Integrity

System processing is complete, valid, accurate, timely, and authorised to meet objectives.

Confidentiality

Information designated as confidential is protected throughout its lifecycle.

Privacy

Personal information is collected, used, retained, disclosed, and disposed of in conformity with commitments.

Information Security Management

ISO/IEC 27001 Alignment

Our security practices are aligned with the ISO 27001 framework, covering key domains of information security management.

Policy Frameworks

Documented information security policies reviewed and updated on a regular cycle.

Access Management

Role-based access controls, least-privilege enforcement, and regular access reviews.

Risk Management

Continuous risk assessment, treatment plans, and risk register maintenance.

Operational Security

Change management, capacity planning, malware protection, and logging controls.

Incident Response

Defined incident response procedures with escalation paths and post-incident reviews.

Data Protection

GDPR & Data Protection

Dainin AI is designed to operate in accordance with GDPR principles, ensuring personal data is handled lawfully, transparently, and securely.

Lawful Processing

Personal data is processed with a valid legal basis and for specified, legitimate purposes.

Data Minimisation

Only data that is necessary for the stated purpose is collected and processed.

Secure Handling

Appropriate technical and organisational measures protect personal data against unauthorised processing.

Retention

Personal data is retained only for as long as necessary to fulfil its processing purpose.

Data Subject Rights

Mechanisms exist to support access, rectification, erasure, restriction, and portability requests.

Infrastructure

Infrastructure Compliance

Dainin AI is built on enterprise-grade cloud infrastructure from providers that maintain industry-leading compliance certifications.

Amazon Web Services (AWS)

Primary cloud infrastructure with SOC 1/2/3, ISO 27001, and additional certifications.

SOC 2 · ISO 27001 · GDPR

Google Cloud Platform (GCP)

Compute and infrastructure services with SOC 1/2/3, ISO 27001, and additional certifications.

SOC 2 · ISO 27001 · GDPR

Vendor Management

Vendor & Subprocessor Governance

All third-party vendors and subprocessors are evaluated for security, privacy, and compliance before onboarding, and reviewed on an ongoing basis.

  • Security and privacy assessments before onboarding
  • Contractual obligations including data processing agreements
  • Regular reviews of vendor security posture
  • Incident notification requirements
  • Data handling and retention obligations

Continuous Improvement

Ongoing Compliance Readiness

Compliance is not a one-time exercise. We continuously assess and improve our controls to meet evolving regulatory requirements and security standards.

Regular Audits

Periodic internal reviews and readiness assessments against target frameworks.

Policy Reviews

Security and privacy policies reviewed and updated on a regular cycle.

Risk Monitoring

Continuous risk assessment with documented treatment plans and tracking.

Regulatory Tracking

Monitoring of regulatory changes to ensure ongoing alignment with requirements.

Questions?

Compliance Inquiries

For compliance-related questions, audit requests, or to request our security documentation, please contact our security team.

security@dainin.ai