Security & Privacy FAQs
We understand the critical importance of security and privacy for internal teams, from both a commercial and a legal perspective. We are committed to keeping your data private and secure. Our team brings expertise from top law firms like Clifford Chance, hedge funds like DE Shaw, and the UK cyber security and intelligence agencies, with a strong background in security.
What data security does WilsonAI offer?
Our security measures include:
- We use Neon and ensure that each user has their own private and segregated data stores, isolating data from other users.
- Authentication and user management are handled by Clerk, adhering to their security protocols.
- Encryption of user data at rest (AES-256) and in transit (TLS 1.2+).
- WilsonAI uses SOC-2 compliant vendors and third party software providers.
- All data, including read replicas, can be stored in a data center located in a specific region upon request.
- Our pilot agreements and terms of use specify your rights to delete your data at any time and our privacy obligations.
- This security setup is similar to the top enterprise cloud providers like Microsoft Azure, Amazon AWS, and Google Cloud.
- WilsonAI has established zero data retention agreements with LLM providers (such as OpenAI and Anthropic).
- Data Processing Agreements (DPAs) are available upon request to formalize our data handling commitments.
- Our online terms of service specify your rights to delete your data at any time and our privacy obligations.
How do you handle legally privileged and confidential information?
- All data is treated with attorney-client privilege in mind
- No cross-contamination between client matters or organizations
- Maintained audit trails for user activities
What about infrastructure security?
- Our cloud infrastructure is hosted in US, UK or EU data centers with data residency options for enterprise customers
- Multi-factor authentication (MFA) available for administrative access
- Regular penetration testing and vulnerability assessments
- 24/7 security monitoring and incident response capabilities
What LLM providers does WilsonAI use? Do they train on my data?
Neither WilsonAI nor our LLM providers train AI models on your data. Currently, WilsonAI uses OpenAI, Anthropic and Google’s models via their APIs and, on request, the latest Open Source models.
OpenAI
- Data sent to OpenAI’s API is not used for training (OpenAI Enterprise Privacy Policy).
- Data is not retained except in cases of potential abuse (in which case it can be examined for a maximum of 30 days before deletion) or where legal requirements apply.
- OpenAI’s models and their zero-retention policy are trusted by the US government, major banks, and law firms. OpenAI’s models are trusted by many existing AI tools including Microsoft Copilot.
Google
- Data sent through Google’s paid Gemini API is not used for training (Gemini API Additional Terms of Service).
Anthropic
- Anthropic do not use API data for training (Anthropic Privacy terms).
What access controls do you have?
WilsonAI uses Clerk for authentication and access control, which includes:
- Secure authentication through Clerk, which has SOC 2 Type II and ISO27001 certifications (Clerk Security Overview).
- Account-specific log-in sessions.
- API endpoints protected by authentication.
- Row-level security protocols for organization roles.
Is my data used to train an AI model?
Company information or data input into WilsonAI is not used to train AI models by WilsonAI or our LLM providers, except for updating your Company’s specific WilsonAI Superbrain or playbooks. This is formalized through our zero data retention agreements with OpenAI and Anthropic.
Any other questions?
Please contact us at:
- Gus, CEO – gus@getwilson.ai
- Alex, CTO – alex@getwilson.ai