Analeph

Compliance & Security

Analeph is built with compliance-by-design principles. We align with major AI governance frameworks and privacy laws and provide deployment options that meet stricter regional requirements by default.

Last updated: August 2025

In Compliance | Designed for Compliance | Capable of Compliance | Not Applicable

Core AI Governance & Privacy

EU AI Act (General Purpose AI)
Designed for Compliance
Logging, transparency, and calibration features already in place; ready for assessment when required.
GDPR
In Compliance
Data minimization, right to erasure, and local-first design in Lite; Core supports customer-controlled data retention.
NIST AI RMF
In Compliance
Documentation, transparency, and risk monitoring in place; periodic review process to expand.
US State Privacy Laws (CCPA/CPRA, VCDPA)
In Compliance
Notice at collection, right to delete, and no sale of personal data.

Sector-Specific (Deployment-Dependent)

HIPAA (US Healthcare)
Capable of Compliance
Encryption, audit logging, and access control available; compliance depends on HIPAA-ready hosting and a BAA with the customer.
FERPA (US Education)
Capable of Compliance
No unnecessary student data collection; compliance depends on customer implementation.
PCI DSS (Payment Data)
Capable of Compliance
Encryption and data minimization possible; Analeph is not a payment processor by default.

Security Standards

ISO/IEC 27001
Designed for Compliance
Security controls mapped to ISO domains; formal certification planned post-Series A.
SOC 2 Type I
Designed for Compliance
Governance and audit frameworks designed to meet SOC 2; external audit to follow customer demand.
FedRAMP
Not Applicable
Analeph does not currently provide cloud services to U.S. federal agencies.