SOC 2 Certified
Independently audited by a CPA firm. Our controls for security, availability, and confidentiality meet AICPA Trust Services Criteria.
Architecture
Security is architectural, not just policy
Encryption at Rest & In Transit
AES-256 encryption at rest. TLS 1.2+ for all data in transit. No plaintext storage of customer data at any layer.
Single-Tenant Architecture
Each customer's proprietary BOMs, pricing, and compliance data sit in their own encrypted context layer. Architectural isolation, not policy isolation.
No Cross-Tenant Model Training
Your data is never used to train models for other customers. This is the single biggest concern for industrial AI buyers and it is architectural by design.
Human-Approved Write-Backs Only
Nyotta reads from your systems continuously. It only writes back outputs that a human has explicitly reviewed and approved. No autonomous writes.
Full Audit Logs
Every read and write is logged with timestamps and user attribution. Required for your customers' own compliance audits. Nyotta supports their chain of custody.
SSO / SAML, MFA, and RBAC
Standard enterprise access controls. Integrate with your existing identity provider. Role-based permissions per program, per user.
Transparency
Sub-processor disclosure
Industrial buyers need to know who sees their data. We disclose our entire sub-processor chain on request.
Security questions?
We answer all of them.
DPA, MSA, CAIQ/SIG questionnaires, and architecture review available on request.