Prefactor is built for regulated environments. Full audit trails, enforceable controls, and compliance frameworks designed for teams that have to say yes to AI agents.
We are on track for SOC 2 Type II certification in 2026. Our infrastructure and controls are designed to meet the highest audit standards.
Designed for GDPR, HIPAA, SOC 2, ISO 27001, NIST AI RMF, and EU AI Act. Audit logging, access controls, and data residency to meet your requirements.
Your customer data stays yours. We never use agent interactions or customer data for model training, fine-tuning, or improvement.
Immutable audit logs for every agent action. Complete visibility into what agents do, who triggered them, and what they decided — powered by encrypted, tamper-proof records.
Information security management controls aligned with ISO 27001. Documentation, audit trails, and governance processes designed for certification.
In ProgressAligned with NIST AI Risk Management Framework. Governance, monitoring, and control mechanisms for responsible AI deployment.
Designed ForDesigned for high-risk AI systems under EU AI Act. Audit logging, transparency, human oversight, and documented governance controls.
ReadyWorking toward SOC 2 Type II certification. Trust, availability, security, and confidentiality controls documented and audited.
In ProgressFull GDPR compliance. Data residency options, right to deletion, data portability, and subject access requests supported.
ReadyHIPAA-aligned controls for healthcare organizations. Encryption, access controls, audit logging, and business associate agreements.
Designed ForIf you discover a security vulnerability in Prefactor, please report it responsibly to security@prefactor.tech. Do not disclose the vulnerability publicly until we have had time to investigate and release a fix. We take security seriously and will acknowledge your report within 24 hours and provide regular updates on remediation progress.
We are currently working toward SOC 2 Type II certification. Our infrastructure is designed to meet these rigorous security standards, and we are on track for certification in 2026. We provide detailed security documentation to enterprise customers upon request.
Absolutely not. Prefactor does not use any customer data for model training. We are framework-agnostic and model-agnostic — our role is to govern and observe agents, not to modify or learn from the data they process. All customer data remains your property.
Prefactor is designed to support compliance across multiple frameworks including GDPR, HIPAA, SOC 2, ISO 27001, NIST AI RMF, and the EU AI Act. Our audit logging, access controls, and data residency options enable organizations to meet their specific compliance requirements.
Yes. We offer single-tenant deployment options for organizations with strict data isolation requirements. This includes dedicated infrastructure, custom data residency, and dedicated support. Contact our team to discuss your deployment architecture.
Prefactor uses industry-standard encryption at rest (AES-256) and in transit (TLS 1.3). All audit logs and configuration data are encrypted, and keys are managed securely. For regulated industries, we support customer-managed key encryption and HSM integration.
We currently operate in AWS regions: US East (N. Virginia), EU West (Ireland), and Asia Pacific (Sydney). For customers with specific data residency requirements, we can discuss custom deployment options.
Schedule a detailed security review with our team. We'll walk through architecture, compliance controls, and answer all your questions.
Book a security review →