Security & privacy

Built for regulated industries.

Enterprise-grade security baked into every layer. Passwordless SSO on every tier, AES-256 at rest, TLS 1.2+ in transit, customer data never used to train AI models.

Data encrypted

At rest with AES-256. In transit with TLS 1.2+ and modern cipher suites.

No SSO Tax

SSO and OAuth 2.0 via Microsoft or Google. No passwords to manage or leak. Included on every tier, not gated behind an enterprise upgrade.

Privacy by design

Compliant with GDPR, CCPA, and Google API Services User Data Policy.

SOC 2 & AI Act

Built to align with global AI regulations from day one.

Ask EQALL Security

Common questions, answered live.

Completing a vendor risk assessment? Ask our security assistant. For deeper review, please schedule a meeting.

Topics this assistant can answer

  • Who at EQALL can access our data
  • Whether customer data is used to train AI models
  • Encryption standards (AES-256, TLS 1.2+)
  • Authentication and passwordless SSO via Microsoft and Google
  • SOC 2 / ISO 27001 status
  • Data deletion timelines after a trial or termination
  • GDPR & CCPA compliance
  • OAuth token security
  • Single-tenant vs multi-tenant deployments
  • Breach notification SLA
Common questions

Security & Privacy FAQ

Who at EQALL can access our data?

No one at EQALL accesses customer data unless the customer provides explicit written permission or EQALL is legally required to. In those rare cases, access is strictly limited to a small number of authorized employees, fully logged, and reviewed as part of internal compliance procedures.

Is customer data used to train AI models?

No. EQALL does not use customer data to train or fine-tune any generalized AI models. Customer data remains isolated and is used only for delivering the service. Anonymized or aggregated inputs may be used for QA, reliability, and abuse prevention.

What encryption does EQALL use?

Data in transit is protected with TLS 1.2+ using modern cipher suites. Data at rest is encrypted with AES-256. OAuth tokens are encrypted at rest, never stored in plaintext, and rotated automatically.

Does EQALL support SSO and what does authentication look like?

Yes. EQALL uses passwordless single sign-on (SSO) only. Users authenticate with their existing Microsoft and Google identity, via OAuth 2.0 + OIDC. There are no passwords to manage or compromise. SSO is included on every tier (Free Trial, PRO, and Enterprise), not gated behind an enterprise upgrade. This means teams get enterprise-grade authentication without paying an SSO tax.

Is EQALL SOC 2 or ISO 27001 certified?

Both SOC 2 Type II and ISO 27001 are in progress, with both certifications expected mid-to-late 2026. For current compliance posture, contact us at https://www.eqall.com/contact.html or schedule a security review.

Does EQALL comply with GDPR and CCPA?

Yes. EQALL complies with GDPR, CCPA, the Google API Services User Data Policy (including Limited Use), and Apple App Store privacy requirements.

Where is data stored?

Customer data is stored in secure US-based data centers. For enterprise deployments, EQALL can support region-specific data residency requirements.

How long is data retained after termination?

Customer data is retained for the duration of the contracted agreement. After unsubscribing, all data is securely deleted or anonymized within 30 days, except limited information required by law. Configurable retention periods are available.

Does EQALL support single-tenant deployments?

Yes. Multi-tenant with strict logical separation is the default. Single-tenant (dedicated infrastructure) is available for organizations with enhanced security or regulatory requirements.

What is EQALL's breach notification SLA?

Regulatory requirements allow up to 72 hours. EQALL's internal target is notification within 24 hours of confirming a breach. EQALL maintains an incident response program covering detection, containment, remediation, recovery, and communication.

What permissions does EQALL require?

Minimum required: read access to the user's calendar and meeting attendees. Optional, user-controlled permissions include contacts, send-email, and meeting transcripts/recordings. Users can restrict optional permissions at any time, and admins can control OAuth permissions at the tenant level.

Ready for deeper review?

Talk to our security team.

Contact us or schedule a 45-minute security workshop with our team.