Security & Trust
How TrustGate handles your data · Exonara Technologies · February 2026
TrustGate is built for compliance and audit. This page summarizes how we handle data so you can assess risk and share it with security, legal, or procurement.
1. Data flow
- Upload: Your dataset (CSV or similar) is sent over HTTPS to our servers.
- Processing: Assessment runs in memory. We analyze structure, column types, and patterns to produce privacy, quality, and bias signals—then a single governance verdict.
- No long-term storage of your dataset: We do not persist your uploaded file or raw rows. Processed results (verdict, scores, findings) may be stored only as needed for your account (e.g. assessment history, Evidence Packs) under your plan.
2. What we do not store
- We do not store your CSV or dataset files. Uploaded files are processed in memory and not written to disk or any database.
- We do not store the raw contents of your dataset after the assessment run.
- We do not use your data to train models or improve our algorithms beyond aggregate, anonymized metrics (e.g. verdict distribution) where permitted by your plan and our Privacy Notice.
- Proof-of-assessment pages and shareable links expose only verdict, score, date, and Evidence Pack ID—no PII and no dataset.
3. Encryption and transport
- All traffic between your browser and our servers uses TLS (HTTPS).
- Data at rest (e.g. assessment history, proof tokens) is stored in a controlled environment; we follow industry practices for access control and integrity.
4. Evidence Pack and audit trail
For Pro and Enterprise users we generate attested Evidence Packs and maintain assessment history. These records are tied to your account and intended for your audit and compliance. They do not include raw dataset contents—only verdicts, scores, findings, and methodology stamps.
5. Compliance and DPA
If you need a Data Processing Agreement (DPA), SOC2 documentation, or specific security questionnaires, contact us. We can provide a standard DPA and high-level security overview for enterprise customers.
Summary. Your data is processed in memory for the assessment; we do not keep your dataset. Verdicts and audit artifacts are stored as needed for your plan. Transport is encrypted; proof links and public pages expose no PII.
← Back to TrustGate · Methodology · Terms