# SOC 2

> Contextual AI SOC 2 Compliance

## Overview

Contextual AI is **SOC 2 Type II certified**, demonstrating that our security controls and operational practices meet the highest standards for protecting enterprise data.

![Alt Text](https://cdn.sanity.io/images/aw1pcv4c/production/1676425030178745ab94dfe0a96604369d93aa9b-5760x3240.png?w=3840\&fm=webp\&q=75\&dpr=2)

This certification verifies that our systems, processes, and safeguards operate effectively over time—not just at a single point of audit.

***

## What SOC 2 Type II Means

SOC 2 Type II evaluates how well an organization upholds the **Trust Services Criteria**:

* **Security**
* **Availability**
* **Confidentiality**

An independent auditor verified that Contextual AI maintains strong, continuously monitored controls across all three criteria.

***

## Security at Every Layer

### Proven Security Controls

Our compliance audit confirms consistent adherence to stringent policies and processes governing data handling, infrastructure, and operations.

### Data Protection

* **Encryption in transit:** TLS 1.2+
* **Encryption at rest:** AES-256
* **Key management:** Cloud-native KMS services with restricted access

### Deployment Options

Choose the environment that fits your organization’s security posture:

* **SaaS** (fully managed)
* **VPC** (private cloud)
* **On-premises** (self-managed)

### Authentication & Access

* Enterprise **SSO** with **SAML** or **OIDC**
* **Role-based access control (RBAC)** for fine-grained permissions

***

## Core Security Controls

| Category                  | Description                                                                                    |
| ------------------------- | ---------------------------------------------------------------------------------------------- |
| **Application Security**  | Continuous SAST/SCA scanning, dependency monitoring, and vulnerability management              |
| **Business Continuity**   | Kubernetes-based orchestration, automated failover, distributed infrastructure                 |
| **Monitoring & Response** | Real-time detection via centralized security data lake and defined incident-response playbooks |
| **Bug Bounty Program**    | Ongoing responsible-disclosure program with independent security researchers                   |

***

## Continuous Compliance

* SOC 2 Type II is one component of our broader compliance framework.
* Contextual AI is hosted on **Google Cloud Platform**, which maintains its own certifications: SOC 2, SOC 3, PCI DSS, ISO/IEC 27017, and CSA STAR.
* We continuously evaluate and update controls to address evolving security and privacy requirements for enterprise AI systems.

***

## Learn More

* [SOC 2 Announcement](https://contextual.ai/blog/contextual-ai-is-soc-2-type-2-certified)
* [Security Overview](https://contextual.ai/security)
* [Trust Center](https://trust.contextual.ai/resources) – Request a copy of our SOC 2 Type II report
* [Contact Support](https://contextual.ai/contact-us) for compliance or security-related inquiries
