Gehirn, Inc.

Security

How We Handle Your Data

Built for regulated industries. Your trust is our infrastructure.

Core Commitments

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). API keys and credentials stored in hardware-backed key management.

Access Controls

Role-based access controls, audit logging on all data operations, principle of least privilege enforced across all services.

Data Retention

AI scan data retained for 90 days by default. You can request deletion at any time. We never sell or share your data with third parties.

How Your Data Moves

End-to-end encryption at every step

Your DataBrowser
EncryptedTransit (TLS 1.3)
AI AnalysisIsolated Environment
EncryptedStorage (AES-256)
ReportDelivery

Compliance Roadmap

On the path to industry-standard certifications

SOC 2 Type I

In progress, targeted Q3 2026

In Progress

SOC 2 Type II

Planned Q1 2027

Planned

HIPAA BAA

Available for healthcare engagements upon request

Available

GDPR

Data processing agreement available

Available

Industry-Specific Security

Tailored safeguards for your sector

Legal

Attorney-client privilege protection, document classification safeguards, and strict data isolation between client matters.

Real Estate

Transaction data security, PII protection for buyer and seller records, and secure document handling for closings.

Healthcare

Protected health information (PHI) safeguards, HIPAA-ready infrastructure, and audit trails for all data access.

Frequently Asked Questions

Where is my data stored?

All data is stored in US-based data centers with AES-256 encryption at rest. We use industry-standard cloud infrastructure with SOC 2 certified hosting providers.

Can I request data deletion?

Yes. You can request complete deletion of your data at any time by contacting us. We process deletion requests within 30 days and confirm once complete.

Do you use my data to train AI models?

No. Your data is never used to train, fine-tune, or improve any AI models. It is used solely to generate your requested analysis and is handled according to our retention policy.

What happens to my AI scan data?

AI scan data is encrypted and retained for 90 days to allow you to revisit your report. After 90 days, it is automatically purged. You can request earlier deletion at any time.

Have security questions? Let’s talk.

We take data protection seriously. Reach out and we’ll walk you through our security practices in detail.

Contact Us