SOC 2 Type II Certified
Independently audited controls over security, availability, processing integrity, confidentiality, and privacy— verified over a sustained period, not a single point in time.
Overview
dave.io takes concrete, technical steps to keep your data, infrastructure, and access secure — details on each control are covered in the sections below.
Agentic Layer
Context Lake
Your context lake resides securely within a physically isolated database instance. Access to its contents is strictly confined to your Dave agent, who has no means of sharing the data elsewhere. Additionally, a secure pipeline, dedicated solely to the context lake, handles all data ingestion and retrieval.
BYOC
Our standard deployment maintains robust security, with your data physically separated and isolated from other customers. For clients seeking maximum assurance, dave.io also supports Bring Your Own Cloud (BYOC). With this model, your sandbox environment and context lake storage reside entirely within your own cloud environment, ensuring your data and infrastructure remain under your complete control. This model provides the ultimate sovereign deployment for environments with strict compliance and trust requirements.
Compliance
dave.io is SOC 2 Type II, GDPR, HIPAA, and ISO compliant— reflecting independently audited controls around security, availability, processing integrity, confidentiality, and data privacy.
Independently audited controls over security, availability, processing integrity, confidentiality, and privacy— verified over a sustained period, not a single point in time.
Data handling, storage, and transfer practices align with EU data protection law: data minimization, access/erasure rights, and breach notification.
Administrative, physical, and technical safeguards aligned with HIPAA requirements for protected health information.
Information security management system aligned with ISO/IEC 27001: risk assessment, access control, and continuous improvement.
FAQ
Privacy Policy
dave.io collects the minimum personal information needed to run the website and deliver the service — who you are, how you use it, and what's needed to support you. This policy covers what's collected, how it's stored and shared, and how to request access, correction, or deletion. Contact privacy@dave.io with questions.
Privacy policyContact
Questions about our security practices or compliance posture? Contact us.