SECURITY
Built for regulated B2B teams.
Your sales data is your business. We treat it that way - with the controls, documentation and EU residency your legal team expects.
Honest status on every certification - we won't claim what we don't have yet.
SOC 2 Type II
in progress (Q4 2026)ISO 27001
roadmapGDPR
compliantEU data residency
Frankfurt + Dublin primaryData handling
| Data | Where it lives | Retention |
|---|---|---|
| Workspace content (chats, KB docs) | EU (eu-central-1, eu-west-1) | Until you delete |
| User auth tokens | EU | 30 days rolling |
| Audit logs | EU | 12 months |
| Model prompts + outputs | EU, scoped to workspace | Configurable, default 90 days |
| Payment data | Stripe (EU region) | Per Stripe policy |
| Backups | EU, encrypted at rest | 30 days rolling |
-
Workspace content (chats, KB docs)
Where: EU (eu-central-1, eu-west-1)
Retention: Until you delete
-
User auth tokens
Where: EU
Retention: 30 days rolling
-
Audit logs
Where: EU
Retention: 12 months
-
Model prompts + outputs
Where: EU, scoped to workspace
Retention: Configurable, default 90 days
-
Payment data
Where: Stripe (EU region)
Retention: Per Stripe policy
-
Backups
Where: EU, encrypted at rest
Retention: 30 days rolling
We never train shared models on your data. Enterprise can configure "BYOK" (bring-your-own-key) so prompts route directly to your model provider account.
Authentication
We authenticate with one-time passcodes delivered to your email or phone. No passwords are ever stored. No phishable shared secret, no "my password got leaked" breach path.
Enterprise adds SSO (Okta, Azure AD, Google Workspace) with SCIM provisioning.
Sub-processors
We publish the full list of sub-processors we use (hosting, email, analytics, model providers). Any change is announced 30 days in advance.
Incident response
Suspect an issue? Email security@expandigo.com . We acknowledge within 24 hours and follow our responsible disclosure policy.
Need the full security pack?
Download the whitepaper, request a DPA, or start a procurement conversation.