Trust Center2026-07-03T08:15:36+00:00
Security Governance Portal

Deepdots Trust Center

Trusted by companies across industries to process sensitive customer feedback securely, reliably, and at scale. Deepdots combines SOC 2 attested security controls with governed customer intelligence workflows.

Review our security posture, data protection practices, compliance documentation, and platform governance controls.

Deepdots Security Infrastructure Map

Start your security review

Share your work email and we’ll contact you with the relevant Deepdots security documentation and next steps for your vendor review.

Framework Matrix

Compliance posture

Deepdots’ security posture incorporates SOC 2 attested controls and supports GDPR-aligned data protection practices for enterprise customer feedback workflows.

SOC 2 report 🔒

Available on request through the security review process.

Request access

GDPR-aligned practices

Data protection practices designed to support GDPR-aligned customer workflows.

DPA processing controls

Customer data is processed under agreed customer terms and data protection agreements.

Encryption controls

Customer data is processed with encryption at rest and in transit.

Access governance

Restricted access, identity management, and monitoring support governed data handling.

Incident response

Documented procedures support investigation, containment, remediation, and customer communication.

System Architecture & Governance Overview

Deepdots is built around governed SaaS infrastructure for processing sensitive customer feedback. Security and privacy controls are embedded across data ingestion, access governance, monitoring, change management, and reporting workflows.

Infrastructure

Google Cloud Platform (GCP)

Deepdots operates on controlled GCP-hosted infrastructure, with customer data protected through encryption, access governance, monitoring, and documented data handling procedures.

Workflow Safeguards

Security controls across the Deepdots workflow

From data ingestion to insight generation, Deepdots applies layered safeguards designed to support secure, governed customer feedback processing.

Infrastructure security

Deepdots operates on controlled GCP-hosted infrastructure with encryption, monitoring, access governance, and documented operational procedures.

🛡

Data privacy controls

Customer feedback data is processed for agreed service purposes, including analysis and reporting, under customer terms and DPA-based data protection controls.

🔎

Access control

Deepdots supports restricted access workflows, SSO-based identity management, role-based access principles, and audit logging to help protect customer data.

💎

Product and code security

Deepdots follows secure change management, vulnerability monitoring, and incident response procedures to reduce operational and application risk.

AI governance and safety

Deepdots applies structured data validation and processing safeguards to help identify abnormalities, manage processing exceptions, and protect workflow integrity.

Monitoring and resilience

Deepdots uses application monitoring and cloud infrastructure safeguards to support resilient platform operations and workflow continuity.

Data Separation

Structured protection for sensitive feedback

Customer feedback can contain personal details, commercial context, and account-specific information. Deepdots keeps this data separated by customer context and processes it only for the agreed service purpose.

Data boundaries

Feedback records are handled through data governance controls that help reduce the risk of unauthorized access or cross-account exposure.

Data privacy

When unstructured feedback includes personal or sensitive information, Deepdots applies safeguards at ingestion and processing boundaries.

AI processing safeguards

Deepdots applies validation and processing controls to help identify data abnormalities, manage exceptions, and protect workflow integrity during analysis.

Frequently asked questions 

How do we share pilot data with Deepdots?2026-07-02T13:58:33+00:00

Pilot data can be shared through an agreed secure process depending on your organization’s requirements. Our team will coordinate the preferred setup with you, including access method, file format, data scope, and any required protection measures.

Can you help with a security assessment of Deepdots?2026-07-02T13:58:08+00:00

Yes. We can share relevant security documentation, including information on our SOC 2 Type 1 report, hosting environment, encryption, access controls, subprocessors, incident response, and data handling practices.

Can you provide information for a DPIA or privacy impact assessment?2026-07-02T13:57:43+00:00

Yes. Deepdots can provide relevant security, data protection, hosting, subprocessors, and processing information to help your team complete a DPIA, PIA, or internal privacy assessment.

Can we use our own DPA?2026-07-02T13:56:41+00:00

Yes. If your organization requires us to use your Data Processing Agreement, our team can review and work from your DPA as part of the vendor onboarding process.

Does Deepdots have an incident response process?2026-07-02T11:17:56+00:00

Yes. Deepdots maintains documented incident response procedures to help identify, report, contain, remediate, and communicate security or data privacy events when they occur.

How does Deepdots keep product changes secure?2026-07-02T11:17:24+00:00

Deepdots follows structured change management procedures for product and infrastructure updates. Changes are documented, reviewed, tested, and approved before they are released to production.

Do you hold any security certifications?2026-07-02T10:19:24+00:00

Yes. Deepdots is fully SOC 2 compliant, with our independent third-party audit reports available upon request. Our platform architecture also incorporates GDPR-aligned data protection controls by default, including end-to-end encryption (TLS 1.3 in transit and AES-256 at rest).

Who are Deepdots’ sub-processors?2026-07-02T10:19:40+00:00

To minimize third-party exposure and supply-chain risks, Google Cloud is our sole sub-processor. Because our custom AI models are hosted directly on our private virtual instances, no external AI vendors or third-party tools ever touch your data.

Where is our data hosted and stored?2026-07-02T10:19:58+00:00

Our entire platform infrastructure, microservices, AI models, and database systems are hosted exclusively within Google Cloud Platform (GCP) EMEA on secure servers physically located in the European Union (EU).

Is my company’s data used to train Deepdots’ AI models?2026-07-02T10:20:24+00:00

Absolutely not. Customer data is strictly logically segregated and processed transiently. We have a strict zero-retention architecture for model training, meaning your data is never used to develop, train, fine-tune, or maintain our core AI systems.

What AI models does Deepdots use to process customer feedback?2026-07-02T10:20:38+00:00

Deepdots uses its own proprietary, custom-built language models developed entirely in-house. We do not rely on, nor do we route any customer data through, third-party AI APIs or external LLM providers (such as OpenAI, Anthropic, or Mistral).

Trusted by teams turning customer feedback into action

Deepdots supports teams across retail, legal tech, real estate, sustainability, consumer brands, and enterprise services.

Carglass
Nemlig
XPENG
Saint-Gobain
GN Hearing
Matas
NREP
GreenMind
TestaViva
Danske Spil
Unioo
Culligan
KICKS
Sun Lolly
Carglass
Nemlig
XPENG
Saint-Gobain
GN Hearing
Matas
NREP
GreenMind
TestaViva
Danske Spil
Unioo
Culligan
KICKS
Sun Lolly
Go to Top