Our privacy philosophy: data minimization and client control of data
The two core philosophies of data minimization and client control consistently inform how our team — from engineering to client success — builds our product and handles client data.
Unlike many other AI/ML companies, we aim to collect the minimum data required to provide our services (and nothing more). Additionally, we always provide our clients transparency around and control over their data.
They choose which CRM fields and email inboxes to provide via secure API access, and can turn off API access to any data source at any time.
For more information on our privacy program, please see our Privacy Policy.
Our security philosophy
Our security program is SOC 2 Type II compliant and aligned to ISO 27000 standards. In addition to maintaining industry-leading, multilayered administrative, physical, and technical safeguards to protect client data, we constantly monitor and improve our application, systems, and processes to meet the growing demands and challenges of an ever-evolving security landscape.
Security compliance & accreditation
We have achieved SOC 2, which is reserved for organizations that have demonstrated standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight. The American Institute of Certified Public Accountants (AICPA) and Service Organization Controls (SOC) reports give assurance over control environments as they relate to data retrieval, storage, processing, transfer, privacy, and more. Specifically, the SOC 2 reports evidence our achievement of key controls around the security, availability, and confidentiality of client data.
Data privacy framework certified
We are proudly registered with the EU-U.S. Data Privacy Framework, the U.K. Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, U.K. Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, the United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, U.K., and Swiss law.
How we protect your data
Third-party audits
We are frequently audited and assessed by third parties and clients. For the past few years, we have partnered with TRUSTe/TrustArc, the leader in privacy compliance and data protection for over two decades. Our controls are also annually audited by A-LIGN, a nationally recognized cybersecurity and compliance firm.
Penetration testing
We perform vulnerability and automated network and application penetration scans. We also engage qualified external entities to perform independent application-level and infrastructure-level penetration tests.
Physical data centers
Client data is hosted in physical data centers in two locations in the United States. We use multi-vendor diversity to ensure that a single failure does not negatively impact our clients. Access to these physical data centers is strictly controlled and monitored by security staff.
Robust data encryption
We encrypt your data — including emails, contacts, and calendar events — using AES-256-bit data-at-rest encryption and TLS 1.2 SHA-256 data-in-transit protection. The keys for these systems are frequently rotated to comply with industry standard KMS practices.
GDPR and CCPA compliance
We maintain compliance with GDPR, CCPA, and other applicable privacy regulations. We have built and continue to build our products with the principles of data minimization and client control and privacy in mind.
We have engaged EDPO as our GDPR Representative in the EU and the UK. We partner with EDPO, based in Brussels, Belgium, to ensure full compliance with the various individual rights of EU data subjects under GDPR, including the "right to be forgotten."
GDPR Compliant
CCPA Compliant
ISO 27000 Aligned
Data privacy framework certified
"Collective[i] is dedicated to safeguarding computing efforts that advance artificial general intelligence. Our responsibility to prepare for emerging security threats to users, customers, and global communities shapes everything we do."
Security resources
Access our security documentation and compliance reports.
