Type II
Independently audited controls across security, availability, confidentiality, integrity.
Trust & Security
SOC 2 Type II from day one.
Time Machine handles your most sensitive content — sales playbooks, customer data, internal workflows, tribal knowledge. Trust isn't optional. It's how we built the platform.
Compliance & certifications
Audited. Certified. Verifiable.
AES-256
All customer data encrypted at rest. TLS 1.3 in transit. Hardware-backed key management.
GDPR & CCPA
Compliant data processing. EU data residency available. Full data subject rights handling.
Enterprise
Built on enterprise cloud with 99.9% uptime SLA and geo-redundant backups.
Available documentation
Access our certifications and compliance docs.
Request specific documents via our trust portal — or open the full real-time view of our security posture.
SOC 2 Type II Report
Our independent auditor's report on security, availability, confidentiality, and integrity controls. Available under NDA via the trust portal.
Request access →Data Processing Agreement
Our standard DPA covering GDPR requirements and customer data processing terms. Custom DPA addenda supported.
Request access →Trust Portal
Real-time view of our certifications, security controls, and compliance status — hosted via our partner Dsalta.
Open portal →
Security practices
How we protect your knowledge.
Data protection
Encrypted, isolated, never trained-on
Customer data encrypted at rest (AES-256) and in transit (TLS 1.3). Data isolation between tenants. We never train AI models on customer data. Your knowledge stays your knowledge.
Access control
SSO, RBAC, MFA
Enterprise SSO (SAML 2.0, OIDC). Role-based access control with least-privilege defaults. Multi-factor authentication for admins. Audit logs for every privileged action.
Infrastructure
Enterprise cloud, geo-redundant
Built on enterprise-grade cloud infrastructure. Automatic backups with geo-redundancy. 99.9% uptime SLA. Customer-specific data residency available (US, EU).
Monitoring
24/7 monitoring & response
Continuous security monitoring. Anomaly detection on access patterns. Annual third-party penetration testing. Documented incident response process.
AI safety
No training, no leakage, full audit
Every AI request and response is logged for audit. Customer prompts and responses are isolated. We use enterprise-grade AI providers with explicit no-training contracts on your data.
Vendor program
Questionnaire-ready
SIG, CAIQ, and custom security questionnaires answered in 5–7 business days. Trust portal access on request. Customer-specific BAA and DPA available.
Common questions
Security, answered.
Where is our data stored?
By default, customer data is stored in US-based enterprise cloud infrastructure. EU data residency is available — including for downstream AI processing. Talk to us about specific residency requirements.
Do you train your AI models on our data?
No. We use enterprise-grade AI providers with explicit no-training agreements on customer data. Your knowledge is used only to serve your team, never to improve a model that other customers will use.
Can we get a copy of your SOC 2 Type II report?
Yes. Available under NDA via our trust portal. Reach out and we'll get you access in under a business day.
Can we run our own security questionnaire?
Yes. SIG, CAIQ, and customer-specific questionnaires turned around in 5–7 business days.
What happens to our data if we leave?
You can export your data at any time via the platform. Upon contract termination, we securely delete all customer data within 30 days unless legal retention applies. Verifiable deletion certificate available on request.
Who do we contact for a security incident?
Email security@timeml.ai. For coordinated vulnerability disclosure, we follow industry-standard timelines and credit researchers in our public security disclosures.
Get started
Enterprise-ready from day one.
SOC 2 Type II. Encrypted. Audited. Schedule a demo or request our security package.
14-day pilot · SOC 2 Type II · Setup in days · Or call 949-416-5055