
Compliance
We understand that trust is earned, not claimed. Newtone is built to meet the security and data protection requirements of enterprise procurement teams. This page provides an overview of our compliance program. For real-time detail, visit our trust center.
SOC 2 Type II compliant
Independently audited with continuous monitoring through our partner Vanta. Controls enforced on an ongoing basis, not only during the audit window. The SOC 2 Type II report is available on request through our trust center.


GDPR compliant
EU-hosted infrastructure. Contractual data processing obligations established with all clients. Data retention, classification, and incident response policies documented and enforced. Our incident response plan includes the 72-hour breach notification requirement mandated by GDPR.
Complete data isolation
Each client’s training data and resulting AI models are fully isolated. Your data is used exclusively to train your models. It is never shared with, or accessible to, other clients. This isolation applies at every stage: ingestion, processing, model training, content generation, storage, and deletion.


Infrastructure and subprocessors
Our core infrastructure is hosted in the EU, including our primary cloud provider (Google Cloud Platform), identity provider (Auth0), monitoring (Datadog & LangSmith), and analytics (Databricks). A full, current list of subprocessors is published in our trust center.
Trust center
Our trust center provides real-time visibility into our compliance posture, including control status, policy documents, the SOC 2 Type II report, and our full subprocessor list. We are happy to support vendor qualification processes, complete security questionnaires, and arrange calls with our technical team.


