Security & privacy

Built for regulated industries.

Enterprise-grade security baked into every layer.

Data encrypted

At rest with AES-256. In transit with TLS 1.2+ and modern cipher suites.

Enterprise IAM

SSO and OAuth 2.0 via Microsoft, Google, Zoom, and LinkedIn.

Privacy by design

Compliant with GDPR, CCPA, and Google API Services User Data Policy.

SOC 2 & AI Act

Built to align with global AI regulations from day one.

Ask EQALL Security

Common questions, answered live.

Completing a vendor risk assessment? Ask our security assistant. For deeper review, please schedule a meeting.

Topics this assistant can answer

  • Who at EQALL can access our data
  • Whether customer data is used to train AI models
  • Encryption standards (AES-256, TLS 1.2+)
  • SOC 2 / ISO 27001 status
  • Data deletion timelines after a trial or termination
  • GDPR & CCPA compliance
  • OAuth token security
  • Single-tenant vs multi-tenant deployments
  • Breach notification SLA
Common questions

Security & Privacy FAQ

Who at EQALL can access our data?

No one at EQALL accesses customer data unless the customer provides explicit written permission or EQALL is legally required to. In those rare cases, access is strictly limited to a small number of authorized employees, fully logged, and reviewed as part of internal compliance procedures.

Is customer data used to train AI models?

No. EQALL does not use customer data to train or fine-tune any generalized AI models. Customer data remains isolated and is used only for delivering the service. Anonymized or aggregated inputs may be used for QA, reliability, and abuse prevention.

What encryption does EQALL use?

Data in transit is protected with TLS 1.2+ using modern cipher suites. Data at rest is encrypted with AES-256. OAuth tokens are encrypted at rest, never stored in plaintext, and rotated automatically.

Is EQALL SOC 2 or ISO 27001 certified?

Both SOC 2 Type II and ISO 27001 are in progress, with both certifications expected mid-to-late 2026. For current compliance posture, contact security@eqall.com or schedule a security review.

Does EQALL comply with GDPR and CCPA?

Yes. EQALL complies with GDPR, CCPA, the Google API Services User Data Policy (including Limited Use), and Apple App Store privacy requirements.

Where is data stored?

Customer data is stored in secure US-based data centers. For enterprise deployments, EQALL can support region-specific data residency requirements.

How long is data retained after termination?

Customer data is retained for the duration of the contracted agreement. After unsubscribing, all data is securely deleted or anonymized within 30 days, except limited information required by law. Configurable retention periods are available.

Does EQALL support single-tenant deployments?

Yes. Multi-tenant with strict logical separation is the default. Single-tenant (dedicated infrastructure) is available for organizations with enhanced security or regulatory requirements.

What is EQALL's breach notification SLA?

Regulatory requirements allow up to 72 hours. EQALL's internal target is notification within 24 hours of confirming a breach. EQALL maintains an incident response program covering detection, containment, remediation, recovery, and communication.

What permissions does EQALL require?

Minimum required: read access to the user's calendar and meeting attendees. Optional, user-controlled permissions include contacts, send-email, and meeting transcripts/recordings. Users can restrict optional permissions at any time, and admins can control OAuth permissions at the tenant level.

Ready for deeper review?

Talk to our security team.

Email security@eqall.com or schedule a 30-minute security review with our team.

Schedule a reviewEmail security