Trusted by
For the Critical Workflows
Puntt AI protects your data with strong security and privacy controls, built for regulated teams.
Enterprise-Grade Protection
Dedicated Security Expertise
Puntt's in-house security team spans infrastructure, product, and operations. We implement robust security protections across the stack, with 24/7 coverage and end-to-end monitoring.
Data Sovereignty and Control
With Puntt AI, you retain full control over your data. Decide which data to upload, set retention policies, delete data anytime, and keep everything in-region—EU, US, or Australia.
No Model Training
Puntt AI contractually guarantees through our Security Addendum that your data stays yours. We don’t use inputs, outputs, or uploaded documents to train underlying models.
Enterprise-grade Features
Puntt AI includes default controls that enterprise teams expect: SAML SSO, audit logs, IP allow-listing, data lifecycle management, and more.
Enforceable Contractual Commitments
Puntt's Security Addendum includes binding terms on data protection, data access, incident response SLAs, and other controls aligned with SOC 2, ISO, GDPR and other standards. Our commitments are auditable, enforceable, and built to exceed standard vendor terms.
Independently Tested
Puntt AI partners with top-tier security firms, including Schellman, NCC Group and Bishop Fox, to perform in-depth audits. This offers external validation that Puntt meets the highest standards of resilience.
Compliant with Industry Standards
SOC2 Type II
CCPA
ISO 27001
GDPR
DPF
Security is Fundamental to Everything We Do
We’ve built a comprehensive system that protects data at every level-from robust user authentication to vigilant network monitoring. Our approach combines cutting-edge technology with rigorous protocols, ensuring that information remains secure in an ever-changing digital landscape. We constantly test and improve our defenses, staying ahead of potential threats to maintain the trust our clients place in us.
FAQs
How does Puntt define customer data?
Puntt defines “customer data” as documents uploaded into the application by customers of Puntt. This does not include queries or responses. We define “customer content” as queries provided by a user to Puntt and corresponding responses from Puntt. This does not include the raw uploaded documents, but model responses may be derived from uploaded documents. While these are separate terms defined in Puntt's legal contracts and service agreements, in most cases we talk about customer data and content together.
How does Puntt keep my data private and secure?
Puntt encrypts all data at rest and in transit, uses strong access controls, and, by default, never trains on customer data. Puntt undergoes annual SOC 2 Type II and ISO 27001 audits to validate these controls. Additionally, Puntt passes on these obligations and contractual security commitments to subprocessors and external model providers. Customer data for each customer is logically separated to prevent any commingling of data between customers and Puntt implements strict access controls following the principle of least privilege.
Where is my data hosted and processed?
Puntt hosts its cloud environment in Microsoft Azure. For customers with requirements or preferences for data localization we offer processing in the EU and Switzerland or Australia. This applies to Puntt subprocessors as well.
How do you respect access controls for client data?
Puntt enforces strict role-based access controls and logical workspace separation to ensure that only authorized users can access specific customer data. Customers can determine what data to upload to Puntt, how long it is retained, and whether that data can be shared with others within the company.
How does Puntt ensure no one is training on my data?
Puntt contractually prohibits model providers from training on customer data and only uses your data for processing your requests, not for model improvement. Puntt requires Zero Data Retention (ZDR) by model providers.
Can we use our data for model training?
Yes, but only if you explicitly request it. In that case, a bespoke model is created exclusively for you, and your data is never used to train models used by other customers.
How often do you perform security audits and vulnerability assessments?
Puntt conducts automated vulnerability scans, annual third-party penetration tests, and maintains continuous security monitoring.
Move Fast. Stay Safe.
Book a Demo
©2026 Meaningful Gigs, Inc.