Credal is built securely from the ground up

Protecting your users' data can't be treated as a box-checking exercise. Security is foundational and the first step in everything we do.

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

Compliance

SOC 2

Credal undergoes regular third-party penetration testing and auditing. All of Credal’s infrastructure, including its UI, API and chat integrations, is SOC 2 Type 2 compliant.

EU-US Data Privacy Framework

Credal was the first AI company to be an active participant in the EU-US Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework.

HIPAA

Credal is HIPAA compliant to protect the privacy and security of individuals' health information.

Data integrations

Source System Data Permissions

The software you use every day, such as Google Drive, Microsoft SharePoint, Microsoft OneDrive, Box, Salesforce, Zendesk, Confluence, Slack and others, each has its own data sharing and permissioning scheme. When you are pulling data together from around the enterprise, you can’t worry about what your end users do and don’t have access to: permissions need to “just work”.

Credal mirrors data permissions automatically for your end users - whether they’re using your tool from Slack, the web, or your own frontend.

Observability

Admins can easily see what source systems are configured through the Data Sources panel and onboard new sources or offboard old ones. All synced data from every source is searchable, taggable and purgeable by admins in the Data Catalog.

In-house Developer data access

Developers building AI tools off of Credal’s APIs can easily sync permissioned data and honor those permissions in their apps.

Syncing from systems like Google Drive or Slack through Credal doesn't just save time on building, but cuts risk by delegating permission to read just the data relevant to the application through Credal collections, without shared access to source system credentials.

Organization & IT

Acceptable Use Policies

Automatically enforce organizational and compliance rules around AI usage including for abstract topics & use cases.

RBAC

Credal offers full integration through SAML with your identity provider of choice, such as Okta. Control which users can perform which actions in the platform directly via Okta groups, synchronized through SCIM.

RBAC is orthogonal to Data Permissions in Credal, which inherit automatically from their source system. Easily empower users to create AI tools or use certain features even without direct access to all data.

Access Management

Easily keep track of AI usage, even for third-party or in-house applications, through the OpenAI/Anthropic backwards-compatible AI gateway, across all tools, user groups and providers.

Audit

AI

All AI interactions with providers like OpenAI and Anthropic are logged. Know precisely what data was sent by what users or tools at all times, and trace AI answers back to the exact source systems (Google Doc, Slack message) that informed them. Most importantly, capture and build your company’s proprietary data asset of AI traffic for future fine-tuning or model training.

Credal can apply retention policies to automatically drop data content while keeping basic metadata for usage analytics or cost analytics.

Subject matter experts can use these logs to tune their Agents and developers can use them to quickly gain observability on everything from one-off scripts to production traffic.

Platform

In addition to AI audit logging, Credal also provides product-level platform audit logging to monitor use or potential abuse of the platform, accessible to admins and easily integrable into your SIEM via API.

AI

Zero-data-retention

Credal maintains zero-data-retention or equivalent agreements with AI providers such as OpenAI, Anthropic and Cohere. (Credal is believed to be the first organization to negotiate a ZDR with OpenAI in early 2023.)

Bring Your Own *

Credal natively supports bring-your-own-key for all AI providers to keep traffic in your tenant.

Credal also supports AWS Bedrock and GCP Vertex for in-VPC Anthropic Claude access, as well as Azure OpenAI for in-VPC OpenAI access.

Optionally load balance to Credal's own reserved capacity.

Sensitive Data Redaction

Automatically detect and either redact or block sensitive data such as PII from leaving Credal or your VPC depending on setup.

AI continues to work naturally - even through the public cloud.

Gateway

Extend Credal’s observability, logging and cost analytics to your in-house applications, or even third-party applications or systems that offer bring-your-own-key, with a one-line configuration change to go through Credal’s backwards-compatible OpenAI and Anthropic gateway. No code changes required.

Cybersecurity

Beyond cyber foundations

Credal is SOC 2 Type 2 certified. However, Credal invests beyond the basics for most enterprise SaaS, including authenticated PCI-level penetration testing that attacks and tests application-level security logic, as opposed to the basic OWASP-style pentesting found in most of the industry. Credal’s cloud infrastructure and AWS configuration are managed by an industry-veteran consultancy that works with national brands.

Credal runs SAST as part of our continuous integration, along with our own static analysis to protect developers' direct interactions with permissioning data. Credal also runs schema-level access policies to further guard against even the risk of problems in Credal-generated code.

Deployment options

Credal offers several deployment options to exceed security requirements.

  • Standard Multi-tenant Cloud - Credal’s traditional cloud SaaS, offering simplicity and the fastest time to value for confident production use on highly sensitive data
  • Managed Single Tenant (MST) - Credal-managed and hosted isolated instance exclusive to your organization, including ingress & egress controls
  • Cloud-prem - Credal-managed instance inside your cloud, bring-your-own AWS account or Kubernetes cluster
  • Air-gapped On-prem - Run on your self-hosted Kubernetes. Optionally onboard Credal support as contractors.

Data Subprocessors

Credal maintains a bare minimum set of data subprocessors, available in our trust portal, and keeps data in-VPC wherever possible.

While Credal maintains zero data retention agreements with AI providers, it is also possible to configure AWS-only AI without leaving the VPC with Anthropic models through AWS Bedrock, and OpenAI models through Azure, opting out of all other access to reduce cyber surface area. Customers are given at least 30 days notice for new sub-processors along with the option to opt out of new sub-processors for the remainder of their existing term as needed.

Give your team agents to get work done anywhere

Credal gives you everything you need to supercharge your business using generative AI, securely.