Security
Your data, protected
Legal data demands the highest level of protection. Parachute is built with security at its core.
Encryption in transit and at rest
All data is encrypted using TLS in transit and encrypted at rest in our databases. Your documents are protected at every stage.
ISO 27001 certification underway
Stage 1 audit of our information security management system is complete. Stage 2 certification audit is scheduled.
SOC 2-aligned practices
Our security practices are aligned with SOC 2 standards, demonstrating our commitment to security, availability, and confidentiality.
AI data privacy
Your data is never used to train AI models. AI interactions are processed securely and not shared across organisations.
Role-based access controls
Granular RBAC ensures team members only access what they need. Each organisation's data is logically isolated.
Automated backups
Regular automated backups ensure your data is never lost. Monitoring and alerting for any suspicious activity.
Secure cloud infrastructure
Hosted on secure cloud infrastructure with regular security updates, patching, and proactive vulnerability management.
Our security practices
Independent assurance
We are working through ISO 27001 certification. Our Stage 1 audit is complete, and our Stage 2 certification audit is scheduled. Our security practices are also aligned with SOC 2 controls.
Data isolation
Each organisation's data is logically isolated. Your documents, knowledge base, and AI interactions are strictly separated from other organisations on the platform.
AI data handling
Your documents and knowledge base content are used only to generate responses for your organisation. Parachute does not use your data to train AI models. AI interactions are not shared across organisations.
Secure development
Every code change goes through automated security scanning and peer review. We follow security best practices and conduct regular dependency audits.
Incident response
We maintain an incident response plan with monitoring, defined escalation paths, and transparent communication. We commit to notifying affected customers promptly in the event of any confirmed breach.
Access management
Access to production systems follows the principle of least privilege. Role-based permissions in the platform ensure your team members only access what they need.
Frequently asked questions
Is my data used to train AI models?
No. Your documents, knowledge base, and AI interactions are never used to train AI models. AI interactions are processed securely and not shared across organisations.
Where is my data stored?
Customer data is hosted in Australia today, with regional residency on the roadmap. All plans include enterprise-grade encryption in transit and at rest.
Which countries does Parachute support?
Parachute officially supports Australia, New Zealand, the United Kingdom, the United States and Canada. Customers select a country at sign-up and the AI defaults to that jurisdiction. Other jurisdictions are not officially supported but the AI can reason about them via web search.
Is Parachute ISO 27001 certified?
Parachute is in the ISO 27001 certification process. Our Stage 1 audit is complete and the Stage 2 certification audit is scheduled. We will publish our certificate on this page once Stage 2 is complete.
Is Parachute SOC 2 compliant?
Parachute's security practices are aligned with SOC 2 standards, demonstrating our commitment to security, availability, and confidentiality. We conduct regular security audits and dependency reviews.
How is data isolated between organisations?
Each organisation's data is logically isolated. Your documents, knowledge base, and AI interactions are strictly separated from other organisations on the platform. Role-based access controls (RBAC) ensure team members only access what they need.
What encryption does Parachute use?
All data is encrypted using TLS in transit and encrypted at rest in our databases. Regular automated backups ensure your data is never lost, with monitoring and alerting for any suspicious activity.