
Confidentiality is the foundation
Cortea is built to meet the security and secrecy standards the audit profession demands.





AI Methodology
No model training
Your data never trains or improves any AI model. Contractually guaranteed.
Full data isolation
Strict separation of data across every client and engagement.
No selling or sharing
Client and engagement data is never shared with third parties.
Data deletion
Remove all your data at any point, on demand, with immediate effect.
Traceable
Every action is logged, every output shows sources, changes, and rationale. Each step is auditable.
Transparent
Full visibility into every AI action, decision, and output. No black-box AI.
Secure by Design
EU- or US-based hosting on Google Cloud
All client data stored and processed within the European Union or the United States, depending on your requirements.
Encrypted at rest
AES-256 encryption applied to all stored data across the entire platform. No exceptions, no gaps.
Encryption in transit
All connections secured via HTTPS/TLS.
Data segregation
Strong segregation through application- and database-level controls, ensuring data stays private across every organization and every engagement.
Multi-factor authentication
MFA available for all accounts.
Infrastructure & Operations
Penetration testing
Regular third-party tests and automated vulnerability scanning.
Encrypted backups
Daily backups with geographic redundancy within the EU.
Incident response
Documented and rehearsed program with rapid triage and notification.
Documentation & Compliance
SOC 2 Type I report
Available under NDA.
ISO 27001 certificate
Available on request.
Vendor security questionnaires & additional documentation
We are happy to fill out vendor security questionnaires, and will provide compliance docs, DPAs, and subprocessor lists upon request.
