GDPR Compliance & ISO 72001,

SOC Type 2 Certified

• dreamleap is GDPR compliant and CH-DSG compliant
• Data Processing Agreements (DPA) included
• Subcontractor and additional AI tools are accordingly assessed
• Our hosting provider is ISO 7001 certified and mets the highest standards of global certifications needed.
• The SOC 2 Type 2 attestation report addresses the requirements defined in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and are covered by our infrastructure provider.

Data Security and Guardrails

• dreamleap ensures that your data is not trained by any public models or is potentially used for other reasons
• Benefit from in-build guardrails and security layers
  

Private Cloud and On-Premises

• dreamleap runs in a private cloud with strict access controls and SSO
• Modular cloud-based or on-premise architecture to scale fast
• You do not need to bother about the model, we provide the best for your use case



Access Control, RBAC – Role-Based Access Management (HIPAA, PCI DSS)

• dreamleap has access control setups and Multifactor authentication (MFA) in place.
• There is also a Single Sign On security mechanism (e.g. Microsoft Entra, Keycloak)
• We provide clear role-based access management rules, and Least Privilege and Need-to-Know principles

Encryption

• All data connections are encrypted by the latest standards

Automated Red Teaming and AI Security Vulnerability Modules in Place

• Specialized AI Security module to test and overlook the agent's responses and behavior through automated LLM-as-a-Judge and batch tests for vulnerability attacks
• Logging of data and enhanced analytics
• AI Security, and Red Team Experts at your disposal