Certifications
ISO 27001:2022
Information security management system certified.
SOC 2 Type II
SSAE-21 SOC 2 Type 2 attested.
HIPAA
Compliant. BAA available for enterprise customers.
GDPR
Compliant with EU, UK, and Swiss data protection regulations.
PCI DSS
Payment card industry data security standard compliant.
CCPA
California Consumer Privacy Act compliant.
Data Handling
Real-Time Processing
Audio is processed in real-time and not stored on Sanas Cloud.
No Data Retention
User call audio is never sent to Sanas servers for storage.
Self-Hosted Option
Self-hosted deployments keep all data within your infrastructure.
Data Residency
| Deployment | Data Location | Audio Leaves Your Infra? |
|---|---|---|
| Sanas Cloud — US East | AWS us-east-2 (Ohio, USA) | Yes |
| Sanas Cloud — South Asia | AWS ap-south-1 (Mumbai, India) | Yes |
| Self-Hosted | Your own servers | Never |
More regions coming soon.
Sub-Processors
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Hosting production environment | US |
| Microsoft Azure | CDN provider | US |
| ClickHouse | Hosting telemetry database | US |
Data Retention
- During agreement: data retained per contract terms
- Post-termination: 30 days to request deletion or return
- Automatic deletion within 6 months after termination
- Backup data deleted within 1 year post-termination
Your Rights
You can request access, correction, deletion, restriction, or portability of your personal data at any time. Contact: privacy@sanas.aiLearn More
Trust Vault
Full security posture and compliance documentation.
Data Processing Agreement
Complete data processing terms and commitments.
Privacy Policy
How Sanas collects, uses, and protects your information.
Data Security FAQ
Frequently asked questions about data security and privacy.