1. Stateless Processing (Zero Data Retention)
IsoFlow operates as a completely stateless engine. We do not use databases to store user uploaded documents, mapped controls, or generated outputs.
- Documents are ingested directly into volatile memory (RAM).
- The mapping orchestration occurs entirely within the ephemeral compute instance.
- Upon generation of the Excel export, the session is terminated and memory is instantly purged.
2. Encryption Standards
All data transmitted between the client browser and IsoFlow's processing layer is encrypted in transit.
- In Transit: TLS 1.3 encryption is enforced globally across all endpoints.
- At Rest: Because IsoFlow is stateless, user evidence data is never written to persistent storage, rendering traditional encryption-at-rest requirements inapplicable to customer payloads.
3. LLM Subprocessors & Model Training
IsoFlow orchestrates enterprise-tier LLM APIs (including Google Cloud and Anthropic) strictly for text extraction and semantic cross-referencing.
- Zero Training Guarantee: We operate under strict Enterprise Data Processing Agreements (DPAs). Your proprietary policy documents are never used to train, fine-tune, or improve foundational models.
- Zero Retention APIs: Prompts and responses sent to our LLM subprocessors are not logged or retained by the provider.
4. Cloud Infrastructure
The IsoFlow orchestration engine is hosted on Google Cloud Platform (GCP). The underlying infrastructure data centers maintain strict physical and logical security controls and are certified for SOC 2 Type II, ISO 27001, and ISO 27017.