Security · Trust

Security at Meetzy.

Enterprise-grade controls, by default. Independently audited. EU-resident. Encrypted end-to-end. Yours to inspect.

Compliance

  • GDPR: Compliant
  • LOPDGDD (Spain): Compliant
  • EU AI Act + AESIA: Ready
  • ISO 27001: In progress · target 2026 Q3
  • SOC 2 Type II: In progress · target 2026 Q4

01

Encryption.

  • At rest: AES-256
  • In transit: TLS 1.3
  • Customer-managed keys (BYOK) on enterprise plans
  • Quarterly key rotation

02

Access control.

  • SSO via SAML 2.0 + OIDC (Okta, Azure AD, Google Workspace)
  • RBAC with 5 default roles + custom roles on enterprise
  • MFA required for all admin actions
  • Configurable session timeouts

03

Infrastructure.

  • Hosted on AWS, EU regions only (Frankfurt + Dublin)
  • Multi-AZ architecture
  • Daily backups · 30-day retention
  • Disaster recovery: RTO 4h, RPO 1h
  • 99.99% uptime SLA on enterprise plans

04

Audit logging.

  • Every API call logged · 90-day retention default · 7-year retention available
  • Logs exportable to your SIEM (Datadog, Splunk, etc.)
  • Tamper-evident log chain

05

Vulnerability management.

  • Annual third-party penetration testing
  • Quarterly internal pen tests
  • Continuous SAST + DAST in CI/CD

06

Responsible disclosure.

Found a vulnerability? Email security@meetzy.io. We triage within 24 hours and fix critical issues within 7 days.

07

AI-specific safeguards.

  • Your data is not used to train any third-party model. Period.
  • Per-customer LLM provider opt-out
  • Prompt-injection detection
  • PII masking in logs

08

Incident response.

  • Detection within 15 minutes (24/7 SOC monitoring)
  • Customer notification within 24 hours
  • Post-incident review published within 30 days

09

Sub-processors and data flow.

See our DPA for the full sub-processor list and data-flow diagram.

Frequently asked

Security questions, answered.

Can we audit Meetzy?

Yes, on enterprise plans, on request.

Where is my data stored?

EU only — AWS Frankfurt or Dublin. Data never leaves the EU.

Do you train on customer data?

No, never. We don't share customer data with third-party model providers for training.

What's your incident notification SLA?

24 hours from detection.

Do you support SSO?

Yes — SAML 2.0 and OIDC, on enterprise plans.

Have a specific security question?

Reach our security team at security@meetzy.io — we reply within one business day.