Data security is our top priority
Your data's privacy, security, and compliance aren't just commitments; they're built into Sumday from day one. With proactive safeguards, transparent processes, and full user control, we ensure your data stays protected, always.
Compliance & controls
Built with best-in-class security practices, Sumday adheres to key industry regulations and security standards.
SOC 2 compliance
Sumday's software has undergone a Service Organization Controls audit (SOC 2 Type II).
GDPR compliance
Committed to compliance with Europe's General Data Protection Regulation (GDPR) and UK GDPR requirements.
ISO 27001
Independently certified against international security management standards.
Penetration testing
Regular third-party security assessments following industry best practices and methodologies.
PCI DSS
Secure payment processing via Stripe, certified as a PCI Level 1 Service Provider.
Identity management
Robust identity management with multiple authentication methods and login restrictions.
Single sign-on (SSO)
Authenticate into Sumday using enterprise identity providers or email authentication.
SAML
Integration with major identity providers including Azure AD, Okta, and Google.
SCIM
Automated user provisioning and deprovisioning through your identity provider.
Admin controls
Role-based permissions to restrict access to sensitive functions.
Multi-factor authentication
Additional security layer required for all user accounts.
Privacy & data protection
Employing advanced encryption and secure backup strategies, Sumday ensures your data remains protected.
Encryption at rest
All data and backups secured with AES-256 encryption.
Encryption in transit
TLS 1.2 encryption for all data in transit between browser and server.
SSL security
A+ rated SSL configuration with HSTS enabled through Azure.
Automated backups
Weekly backups retained for one month. Monthly backups retained for one year. Yearly backups retained for two years. Point-in-time recovery available for 7 days.
Security FAQs
We take data and security very seriously.
Yes, we maintain ISO 27001, SOC 2 Type II, and GDPR compliance. We will complete your IT team's security review process to confirm this; Sumday has never failed this process for our enterprise and government clients.
Sumday is hosted on Microsoft Azure in ISO 27001 / SSAE 18 compliant data centres; production servers are in Australia. Physical security is deferred to Azure.
No. The data you submit and the responses you receive through Sumday and our AI tools are used only to serve your organisation. They are not used to train models across customers or shared between customers.
No, we never use your data to train any models.
We use a diverse range of LLMs, including models from OpenAI's GPT series, Anthropic's Claude series, and Google's Gemini series, to deliver the best outcomes for customers. The LLM providers we use do not retain your inputs and outputs, nor do they use them to improve their services.
No, none of the LLM providers store your data or the responses you receive.
Have more questions?
We're here to answer them.
We value transparency and clarity when it comes to data and security. Ask any questions you have, any time.