Perceptio Trust Center

Last updated: 01/12/2025

Perceptio is built for teams who work with sensitive information, strategic decisions, and confidential documents. This Trust Center explains our approach to security, privacy, compliance, AI governance, and reliability - so you can use Perceptio with confidence.

1. Security

1.1 Infrastructure Security

Perceptio is hosted on modern, secure cloud infrastructure:

  • Application hosting: Vercel
  • Database: PostgreSQL with pgvector (via Neon or equivalent)
  • Binary storage: OVH Object Storage
  • Queueing and workers: Redis + BullMQ
  • Monitoring & alerting: Sentry, Prometheus/Grafana (or equivalent)

All infrastructure providers follow industry-standard security certifications (ISO 27001, SOC 2 Type II).

1.2 Data Encryption

  • In transit: TLS 1.2+
  • At rest: AES-256
  • Password storage: Argon2 or bcrypt
  • Secrets: encrypted at rest and rotated regularly
  • Key management: strict access control policies

1.3 Application Security

  • RBAC (Role-Based Access Control): Viewer, Editor, Admin, SuperAdmin
  • Project-level permission overrides
  • MFA (optional)
  • SSO (SAML / OIDC) for enterprise
  • Secure session management
  • CSRF, XSS, SSRF, and injection protection
  • Rate limiting & bot protection

1.4 Network & Access Control

  • Zero-trust principles
  • Least-privilege access for employees
  • Access logged and periodically reviewed
  • Production access restricted to authorized personnel only

1.5 Audit Logging

Perceptio maintains extensive audit trails for:

  • user actions
  • administrative access
  • data changes
  • login activity
  • system events
  • API usage

Audit logs are immutable and retained according to compliance needs.

2. Privacy

Perceptio is built on privacy-by-design and data-minimization principles.

2.1 User Data Ownership

You always own:

  • your documents
  • your transcripts
  • your project data
  • your deliverables
  • your outputs

Perceptio only processes your data to operate the service.

2.2 No Training on Customer Data

We never use customer data to train any public foundation models (OpenAI, Anthropic, Mistral, etc.). Your data is used only for inference, not for model improvement.

2.3 Retention & Deletion

  • Project data: retained for the duration of subscription
  • Audio files: configurable retention settings
  • Transcripts: aligned with your project retention
  • Backups: retained 30–90 days
  • Account deletion: all associated data deleted after processing period

You may request deletion at any time.

2.4 Data Subject Rights

Per GDPR, UK GDPR, CCPA/CPRA, LGPD, and other global regulations, you may request:

  • access
  • correction
  • deletion
  • portability
  • restriction
  • objection
  • opt-out (US)

Contact: privacy@perceptio.ai

3. Compliance

Perceptio aligns with major global data protection frameworks:

  • ✔ GDPR (EU)
  • ✔ UK GDPR
  • ✔ CCPA / CPRA (California)
  • ✔ LGPD (Brazil)
  • ✔ PIPEDA (Canada)
  • ✔ Privacy Act (Australia)
  • ✔ EU AI Act (limited-risk AI system)

3.1 Sub-processors

Perceptio uses a small number of carefully vetted sub-processors for hosting, storage, authentication, STT/LLM inference, analytics, and email delivery.

All sub-processors are bound by DPAs and Standard Contractual Clauses.

3.2 Data Processing Agreement (DPA)

We provide a DPA compliant with GDPR, CPRA, and LGPD for all paying customers. Enterprise clients receive a signed, customized version upon request.

3.3 International Data Transfers

We rely on:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum / UK IDTA
  • Adequacy decisions
  • Secure hosting regions appropriate to your jurisdiction

4. Responsible AI

Perceptio integrates AI into your workflow in a safe, transparent, and controlled manner.

4.1 Principles

Perceptio's AI follows clear principles:

  • Human-centered: AI assists, humans decide.
  • Transparent: Never hidden or deceptive.
  • Secure: Data protected at every step.
  • Fair: No profiling or sensitive inference.
  • Private: No training on customer data.
  • Responsible: AI outputs require human validation.

4.2 How Perceptio Uses AI

We use AI for:

  • transcription
  • document parsing
  • semantic indexing
  • summarization
  • smart actions
  • deliverable drafting
  • context graph generation
  • semantic search

We do not use AI for:

  • biometric identification or emotion recognition
  • eligibility or employment decisions
  • surveillance
  • personal profiling
  • sentiment inference from voices

4.3 Risks & Mitigations

Possible risks include:

  • inaccuracy or hallucination
  • mis-identified actions
  • incomplete summaries
  • misinterpreted context

Mitigations:

  • human review required
  • confidence indicators
  • editing tools
  • audit logs
  • red-team testing
  • continuous evaluation

4.4 AI Transparency

We openly disclose:

  • what models power each feature
  • how your data is processed
  • which providers are used for inference
  • system limitations
  • expected accuracy ranges

4.5 No Training on Your Data

Customer data is never used to:

  • train foundation models
  • improve provider models
  • feed public datasets

This is guaranteed contractually via DPAs.

5. Reliability

5.1 Uptime & Monitoring

Perceptio uses:

  • automated health checks
  • error monitoring via Sentry
  • performance monitoring via Prometheus/Grafana
  • synthetic tests
  • multi-region failover (for enterprise tiers)

5.2 Backups & Disaster Recovery

  • Automated daily backups
  • Multi-zone redundancy
  • Backup retention: 30–90 days
  • Documented disaster recovery plan
  • Regular DR testing

5.3 Version Control & Change Management

  • Model versioning
  • API versioning
  • Release notes for new features
  • Rollback capability
  • Staged rollouts for safety-critical updates

6. Contact & Reporting

For questions or reporting:

Address: Perceptio SAS, 32 RUE DE PARIS, 92100 BOULOGNE-BILLANCOURT, FRANCE

Email: legal@perceptio.ai