Data Protection

Last updated: February 20, 2026

Your Data Is Protected

None of your data — and none of your clients' data — is ever used to train public AI models. Your data stays isolated, encrypted, and fully under your control.

At SOFE, we understand that your business data and your clients' information are among your most valuable assets. This Data Protection Policy explains exactly how we safeguard your data when you use our AI-powered platform and services.

1. Your Data Is Never Used to Train AI Models

We use model providers (OpenAI, Anthropic, Google, and others) in strict no-training mode. This means:

  • Your data is not used for model training — ever
  • Your data does not become part of any model weights
  • Your data is not shared with other customers
  • Your data is not stored by AI providers beyond the immediate request

This is contractually enforced by our AI providers and technically enforced through their enterprise APIs. We only connect to enterprise-grade endpoints — never the consumer applications.

2. End-to-End Data Isolation

Your workspace has its own data boundary with complete logical separation:

  • Each customer gets a logically isolated environment
  • Data you upload or generate stays within your workspace only
  • No cross-customer visibility — your data is never accessible to other users
  • Role-based access controls ensure only authorized team members can access relevant data
  • Audit logs track all data access within your organization

3. Encryption at Rest and In Transit

All data is encrypted using industry best practices:

  • At rest: AES-256 encryption
  • In transit: TLS 1.2+ for all connections
  • API calls to AI providers are encrypted end-to-end
  • Database backups are encrypted with separate keys

Even our team cannot access your raw data unless you explicitly grant access for support purposes.

4. Fully Controlled Data Retention

You remain the owner of your data at all times. You control:

  • What data you store on our platform
  • How long your data is stored
  • When your data gets deleted
  • Who within your organization can access specific data

We support complete data deletion upon request. When you delete data, it is permanently removed from our systems within 30 days, including all backups.

5. Strict AI Provider Terms

Our AI providers (OpenAI, Anthropic, Google, and others) include strong data handling guarantees in their enterprise agreements:

  • No training on API or enterprise data
  • No human access to customer data except for resolved abuse cases
  • Zero data retention — requests are processed and discarded
  • Automatic data redaction for sensitive request patterns (provider-dependent)

We continuously evaluate our AI providers to ensure they maintain the highest data protection standards.

6. Third-Party Integration Data (Google, Microsoft, Plaid)

When you connect Google, Microsoft, or Plaid accounts, data accessed through those integrations is protected with the same standards as all other data on the SOFE platform:

  • Google (Gmail): Email message data accessed via the gmail.readonly scope is stored securely and used exclusively to display your email threads within your SOFE workspace. It is never used for advertising, never shared with third parties, and never accessed by SOFE personnel except for security or legal purposes.
  • Microsoft (Outlook / Azure): Email and calendar data accessed via read-only scopes is stored securely and used exclusively to display communications and events within your SOFE workspace, subject to the same protections as Gmail data above.
  • Plaid (financial accounts): Financial account data accessed via Plaid is stored securely and used solely to provide financial visibility features within your SOFE workspace.

SOFE's use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements. You may disconnect any connected account at any time from your account settings, and your data from that integration will be deleted within 30 days.

7. Enhanced Options for High-Sensitivity Clients

For clients with elevated compliance requirements (legal, healthcare, financial services), we offer additional protection options:

  • Customer-managed encryption keys (BYOK) — maintain complete control over your encryption
  • VPC-isolated deployments — dedicated infrastructure for your organization
  • Private model inference — data never leaves your cloud environment
  • Custom data residency — choose where your data is stored geographically
  • Enhanced audit logging — detailed compliance reporting

These options deliver maximum control with zero data exposure. Contact us to discuss your specific requirements.

8. Compliance Alignment

Our systems and partners align with common industry standards and regulations:

  • SOC 2 Type II — third-party validated security controls
  • GDPR — European data protection requirements
  • CCPA — California consumer privacy rights
  • HIPAA-aligned processes — for healthcare clients (with BAA available)
  • ISO 27001 — information security management standards

We can provide detailed data handling documentation, security questionnaire responses, and compliance certificates upon request.

9. Data Export

You can export all of your data at any time. We believe your data belongs to you, and you should always have access to it:

  • Full data export — request a complete copy of all your data in standard formats
  • Selective export — export specific projects, documents, or workflows
  • Machine-readable formats — receive your data in JSON, CSV, or other portable formats
  • No lock-in — take your data with you if you ever decide to leave

To request a data export, contact us. Export requests are typically processed within 5 business days.

Plain-English Summary

Your data is:

  • Yours
  • Isolated
  • Encrypted
  • Not used to train AI
  • Not exposed to others
  • Exportable anytime

We treat your information — and your clients' information — with enterprise-grade protection.

Questions?

If you have questions about our data protection practices, need compliance documentation, or want to discuss enhanced security options for your organization, please contact us:

xVentures AI Corporation
45 Tudor City Place 1911
New York, NY 10017

Related Policies

For more information about how we handle your data, please also review our: