Security & Trust at Ingestly
At Ingestly, we understand that our document parsing pipeline serves as the ingestion point for your organization's most sensitive data. We treat security not just as a perimeter defense, but as a foundational, systemic property embedded throughout our entire infrastructure, AI deployment, and software development lifecycle.
Data Protection & Encryption
We employ industry-standard cryptographic protocols to ensure your data is protected in transit and at rest.
- Encryption in Transit: All communications involving the transfer of data into or out of our application are secured exclusively via HTTPS using TLS 1.2 or higher.
- Encryption at Rest: From the moment your documents are received until they are permanently deleted, all data at rest, including databases and temporary file storage, is encrypted using the industry-standard AES-256 algorithm.
- No Ingestly Personnel Access: No Ingestly employee or contractor accesses your documents during processing. Our extraction pipelines are fully automated. Optional human review workflows are available for your own team to verify extraction results before final output.
AI Privacy & LLM Security
Generative AI enables unparalleled extraction accuracy, but it requires strict data governance.
- Zero Data Retention: We maintain strict enterprise agreements with our Large Language Model (LLM) providers to ensure they cannot retain your data. Your proprietary documents and extracted metadata are never used to train external or public foundational models.
- Prompt Injection Protection: We treat all LLM outputs as potentially malicious, utilizing strict schema validation and input sanitization to protect our infrastructure and your data against adversarial prompt injection attacks.
Compliance
Our security program is built to align with globally recognized regulatory frameworks to support our enterprise clients.
- Regulatory Alignment: Our infrastructure and operational procedures are informed by SOC 2 and ISO 27001 frameworks, and we are actively working toward formal certification. We are aligned with GDPR requirements, operating as a Data Processor on behalf of our customers as Data Controllers.
For details on our data handling practices, see our Privacy Policy and Terms of Service.
Infrastructure & Network Isolation
Your data is processed in a secure, isolated cloud environment.
- Secure Cloud Infrastructure: Our application runs in isolated container environments with network-level access controls provided by our top-tier cloud infrastructure.
- Private Connectivity: Enterprise clients requiring network isolation can contact us to discuss private connectivity options.
Access Control & Data Minimization
We believe the most secure data is data we no longer hold.
- Customizable Data Retention: You own your data. We offer highly customizable, per-pipeline data retention policies (ranging from 1 to 365 days), allowing you to automatically and permanently destroy documents and extracted payloads after a specified timeframe.
- Enterprise Identity Management: Ingestly supports seamless integration with your existing Identity Providers via SAML 2.0 and OAuth 2.0, allowing you to enforce your own corporate Multi-Factor Authentication (MFA) and granular Role-Based Access Control (RBAC).
- Comprehensive Audit Trails: We provide comprehensive audit logs detailing every document uploaded, processed, and deleted, tracking user actions, timestamps, and data changes across your organization.
- Multi-Tenant Data Isolation: Our architecture enforces strict data isolation between organizations, ensuring that no organization can access another organization's data.
- API Key Security: API keys are cryptographically hashed before storage. Plaintext keys are never persisted in our systems.
Contact
If you have questions about our security practices or would like to discuss enterprise security requirements, please contact us at support@ingestly.ai.