Privacy at Every Step, From Ingestion To Insight
Ensure Sensitive Information is Always Protected and Compliant
Squirro named a Representative Vendor in the Gartner® Market Guide™ for GenAI Platforms in Banking & Investment Services
Prevent personally identifiable information (PII) exposure, enforce data governance, and stay audit-ready with Squirro’s Privacy Layer
Behind the scenes, encrypted tokens stand in for sensitive PII. When it’s time to present results, the tokens are swapped back under strict, logged controls, giving you the full power of generative AI without exposing sensitive data.
Squirro AG has engaged A-LIGN Compliance and Security, Inc. as an independent auditor to conduct a SOC 2 Type I and Type II assessment under the Security criteria of the AICPA Trust Services Criteria. The organization is actively working towards obtaining the SOC 2 report, demonstrating the effectiveness of its security controls in protecting customer data and ensuring a robust information security posture.
As part of this effort, Squirro AG is implementing and refining its security controls to align with SOC 2 requirements. The company is currently preparing for the Type I assessment, which evaluates the design of controls at a specific point in time, followed by the Type II assessment, which assesses the operational effectiveness of controls over a defined period. This initiative reflects Squirro AG's commitment to maintaining high security standards and strengthening trust with customers and stakeholders.
At Squirro AG, we are committed to ensuring compliance with the General Data Protection Regulation (GDPR) by implementing strict data protection measures and maintaining transparency in our data processing practices. As a data processor and controller, we safeguard personal data through ISO 27001-certified security controls, encryption, and access restrictions.
We provide data subject rights under GDPR, including access, rectification, erasure, restriction, and portability. Users can request to review, modify, or delete their personal data in accordance with legal and regulatory obligations. Our Data Protection Officer (DPO) oversees compliance, ensuring adherence to privacy principles such as data minimization, purpose limitation, and security by design.
For international data transfers, we apply EU-approved Standard Contractual Clauses (SCCs) or ensure that adequate safeguards are in place. We conduct regular data protection impact assessments (DPIAs) and uphold privacy by default across our services.
For GDPR inquiries or data requests, users may contact our DPO
Squirro encrypts data in transit (SSL/TLS protocols, TLS 1.2 or higher) and at rest (AES-256 encryption) to ensure the confidentiality and integrity of sensitive data.
Discover Squirro's commitment to security and compliance. Our live Trust Portal provides immediate, transparent access to the current status of all controls, policies, and certifications.