Skip to main content
PolyAI meets international standards for data security and privacy. Our voice agents comply with governmental and industry frameworks. Below is an overview of the certifications and standards we adhere to and how they support our clients’ compliance programs.

Certifications and standards

ISO27001

We are certified for ISO/IEC 27001, the international standard for information security management systems (ISMS).

SOC 2 Type II

PolyAI has achieved SOC 2 Type II compliance, covering data security, availability, processing integrity, confidentiality, and privacy.
  • Learn more about SOC 2.

HIPAA

Where relevant, our systems are designed to meet HIPAA (Health Insurance Portability and Accountability Act) requirements. Protected health information (PHI) is handled securely.
  • Learn more about HIPAA.
  • Learn about AWS S3 for long-term storage.

PCI-DSS

Where relevant, PolyAI is committed to complying with the PCI-DSS (Payment Card Industry Data Security Standard) for payment card data.

Cyber Essentials & Cyber Essentials Plus

We are certified under the UK NCSC (National Cyber Security Center) Cyber Essentials and Cyber Essentials Plus frameworks, which protect against a wide variety of cyber threats.

GDPR

PolyAI complies with the General Data Protection Regulation (GDPR) to protect personal data and the privacy of individuals in the European Union. This includes:
  • Transparent data processing practices.
  • Secure handling of personal and sensitive information.
  • Measures to prevent data breaches.
  • Providing individuals with control over their personal data, including access and deletion requests.
  • Learn more about GDPR.
Last modified on April 20, 2026