Security

CW Frontier completed a SOC 2 Type 2 examination of its infrastructure, performed by an independent auditor. A SOC 2 Type 2 report covers both the design of our controls and their operating effectiveness over a period of time, rather than at a single point.

The examination addresses controls relevant to the security of the systems we use to deliver our products across the company. The report is detailed and intended for use during a diligence review; if your firm needs a copy to support its vendor assessment, contact us through the resources below.

The SOC for Service Organizations badge on this page links to the AICPA, which owns the mark and maintains the program.

Customer data is protected with encryption in transit and at rest across our production infrastructure and managed storage providers. Connections to our products use modern transport encryption, and data held by the services we operate is encrypted where it lives.

We maintain administrative, technical, and organizational safeguards designed to protect customer content and account information against unauthorized access, use, alteration, disclosure, or destruction. These include, as appropriate to each product:

• Reputable cloud infrastructure and service providers;
• Tenant isolation and access controls that limit access to authorized personnel and users;
• Authentication and account security measures;
• Logging, monitoring, and security event review;
• Backup and recovery processes;
• Vendor and subprocessor oversight; and
• Incident response and remediation procedures.

We may update these measures over time to reflect changes in technology, industry practices, and legal requirements. For the full commitments, see our Terms of Use.

Where our products use AI, customer-content requests are routed through our AI gateway with guardrails applied before anything reaches a model provider. Those guardrails include:

• Zero-data-retention routing — we configure model endpoints that do not retain customer prompts or responses for training;
• Prompt-injection detection on incoming content;
• Redaction of common sensitive-data patterns, such as Social Security numbers, payment card numbers, and IP addresses.

Not every product uses AI. Where it does, we treat AI as infrastructure that extends your work — not as a place your clients' data is exposed.

We do not use customer-submitted content to train AI models. Customer inputs are processed to return the requested result and are not retained by us as raw context; uploaded source files are used to generate the requested deliverable and are not kept as original files.

How we collect, use, and retain information across our products is described in full in our Privacy Policy.

If we become aware of a confirmed security incident affecting customer content, we will take reasonable steps to investigate, contain, mitigate, and remediate the issue, and provide notice as required by applicable law and our contractual obligations. No method of transmission or storage is completely secure, and nothing here is a guarantee against all threats.

If you are evaluating us as the company behind a product your firm depends on, these resources are a good place to start:

• CW Frontier Innovations Trust Center → — live controls and reports for the whole company
• AICPA SOC for Service Organizations → — about the examination program
• Privacy Policy →
• Terms of Use →

Have a security question or need our report for a vendor review? Email info@cwfrontierinnovations.com.