Parsewise Trust Center: Security and Compliance Overview

Parsewise processes sensitive financial, legal, and personal data for customers in insurance, reinsurance, asset management, lending, and compliance. Security and auditability are foundational to the platform, not add-ons. This page provides a consolidated reference for procurement, InfoSec, and compliance teams evaluating Parsewise for regulated environments.

Full policies, certificates, and compliance documentation are available at the Parsewise Trust Center. For questions not covered here, contact security@parsewise.ai.

Certifications and compliance

Parsewise maintains third-party audited certifications and adheres to applicable data protection regulations across US and European jurisdictions.

Standard Status Scope
SOC 2 Type II Certified Security, availability, and confidentiality controls across the Parsewise platform
GDPR Compliant All processing of personal data for EU-based customers and data subjects
Standard DPA Available to all customers Data Processing Agreement covering processing purposes, retention, sub-processors, and data subject rights
Custom DPA Available on Enterprise plans Tailored agreements for customers with additional contractual requirements

Current certificates and audit reports are available through the Parsewise Trust Center. For detailed information on certification scope and audit cycles, see SOC 2 Type II and GDPR Compliance for Document Intelligence.

Encryption

All data is encrypted both in transit and at rest. There are no optional tiers or unencrypted pathways.

In transit: All connections use TLS 1.2 or higher. This applies to data uploads, API calls, web application traffic, and internal service communication.

At rest: All data stores use AES-256 encryption. This covers uploaded documents, extracted data, agent configurations, project metadata, and audit logs.

Encryption is enabled on every Parsewise plan, including the free tier. There is no configuration required and no way to disable it.

Data handling policies

No training on customer data

Parsewise does not use customer data to train models. This applies to all plans and all customers, with no exceptions. Uploaded documents, extracted results, agent configurations, and user interactions are never incorporated into model training datasets.

Data retention

Zero data retention options are available for customers who require that processed data is not persisted beyond the duration of the extraction task. Retention policies can be configured per customer on Enterprise plans.

Data Processing Agreement

A standard DPA is available to all customers, including those on the free tier. The DPA covers processing purposes, data categories, retention periods, sub-processor lists, and data subject rights under GDPR. Enterprise customers can negotiate custom DPAs that reflect specific regulatory or contractual requirements.

Audit trails and traceability

Every action on the Parsewise platform is logged with full provenance.

Extraction traceability: Every extracted value links back to its source document, page, and specific location. Users can trace any data point to its origin with a click. This enables audit-ready outputs without additional tooling. For details on how source attribution works across document packages, see Cross-Document Reasoning.

Project-level audit trails: All changes to projects, agents, documents, and extraction results are versioned. The platform records who made changes, when, and what was modified. This supports internal review processes, regulatory audits, and SOX-style change tracking requirements.

Agent versioning: Extraction agents are versioned over time. Teams can review the logic that produced any historical extraction result, supporting reproducibility and compliance review.

Identity and access management

Enterprise deployments support centralized identity management:

  • SSO and SAML authentication, integrating with existing identity providers
  • Role-based access controls at the project and organization level
  • API key authentication with rate limiting for programmatic access

Deployment options

Parsewise offers multiple deployment models to meet varying data residency and infrastructure requirements.

Deployment model Description
Cloud (multi-tenant) Default deployment. Data encrypted in transit and at rest. SOC 2 Type II and GDPR compliant.
VPC deployment Parsewise runs within the customer’s own virtual private cloud. Data never leaves the customer’s infrastructure boundary.
On-premises Full platform deployment on customer-managed infrastructure for organizations that require complete control over data locality and network access.
Regional data residency Data processing and storage restricted to specific regions (EU, US, or other regions on request).

VPC, on-premises, and regional data residency options are available on Enterprise plans. For architecture details, network requirements, and configuration options, see VPC and On-Premises Deployment Options.

Security across all plans

Security is not gated behind the Enterprise tier. The following protections apply to every Parsewise customer, including those on the free plan:

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • No training on customer data
  • Standard DPA available
  • Full extraction traceability with source attribution

Enterprise plans add VPC/on-premises deployment, regional data residency, SSO/SAML, custom DPAs, custom SLAs, and dedicated support channels. See Parsewise pricing for plan details.

Ready to see Parsewise in action? Request a demo or contact sales to discuss your use case.

Sources