Security & trust

How we run audits without surprises for your IP and security teams

Effio's entry engagement is a scoped operational and AI efficiency audit. We combine repeatable measurement with expert validation. On the site we keep this overview short. After a mutual NDA we share the full trust pack for your teams, including subprocessors, retention, and wording that maps cleanly to DPAs and security questionnaires.

Access model

  • By default we use read-only access, exports you provide, or both. A standard audit does not ask for production write access.
  • The SOW lists what is in scope and what is not, so there is no open-ended crawl of your estate.
  • Named people on the project, least privilege, and MFA on our corporate accounts.

Automation and manual review

Automation speeds up inventory and measurement. Reviewers still own what goes into your deliverables, in the same spirit as automated security scanning followed by human triage.

  • We prefer scripts and fixed checks when they answer the question. If generative AI is used at all, it is only with wording you approve in the contract, on trimmed inputs, and with structured outputs.
  • How we run the work internally (playbooks, prompts, scoring) stays Effio IP. Your data and your report stay yours.

Data handling (summary)

  • We only take what we need for the audit. Retention and deletion follow what we sign with you.
  • By default we do not use your confidential material to train third-party models. Exact API settings and subprocessors are listed in the security appendix so your lawyers can verify them.

For procurement and InfoSec

After a mutual NDA, ask your Effio contact for the trust bundle, including subprocessors, retention, AI use policy, and incident contacts. It is built so procurement and InfoSec can review it without a long back-and-forth on basics.