Ai

Trust Centre- Security Features and Policies

SOC 2 Type II Compliant

GoCircl has a comprehensive system aimed at protecting your files and data at every stage, from user authentication to uploading and processing your documents. Our approach combines up to date technology and protocols, ensuring that information remains secure. We are constantly improving our security, seeking to stay ahead of potential threats to maintain the trust that you place in us.

Below is a brief summary of our security features, policies and processes. If you’d like to know more, please get in touch.

File Retention & Deletion

To minimize risk from a potential breach, every PDF you upload is automatically purged from our servers after 60 minutes. You can track this countdown in your GoCircl Dashboard. We use automated lifecycle policies and industry-standard secure deletion methods to ensure no residual data remains—eliminating files and narrowing our exposure window.

Encryption in Transit

All communication in transit, between your browser and GoCircl is secured using HTTPS with Transport Layer Security (TLS 1.2/1.3) and at rest (AES-256 via LUKS). Inter-service traffic uses WireGuard 6PN.

Cloud Infrastructure & Compliance

GoCircl is SOC 2 Type II compliant.

GoCircl is hosted on Fly.io, whose infrastructure operates within ISO 27001-certified data centres and is independently audited to SOC 2 Type II. Fly.io’s independent SOC reports demonstrate rigorous controls around security, availability and confidentiality—giving us a hardened, continually audited foundation.

Data Processing, AI & Privacy

All document analysis and annotation occurs within GoCircl’s secure Fly.io environment under GoCircl’s exclusive control — we never send your data to third-party inference engines. There is deliberately no link to, or interaction between GoCircl and any AI, ML or LLM. For background on what GoCircl actually does to a document, see our guide to auditor circle-ups.

Access Control

By design, GoCircl’s team does not have access to your uploaded documents. Any support-related access relies on user input, and we retain minimal metadata on your documents, including: page count, time uploaded, and processing time, for the purpose of tracking GoCircl's performance over time.

Data Minimization

We only collect your name and email to create an account— nothing more. This "data minimization" approach reduces risk and respects your privacy.

Payment Processing

All payments are conducted through Stripe. Stripe is a global, trusted payments infrastructure firm. They encrypt sensitive data both in transit and at rest. Stripe’s infrastructure for storing, decrypting, and transmitting primary account numbers (PANs), such as credit card numbers, runs in a separate hosting infrastructure, and doesn’t share any credentials with the rest of their services. Read more about their security measures here.

Legal Notice

As a user (whether on a free or paid tier), you acknowledge and agree that you are using the system at your own risk, you will abide by our Acceptable Use terms and that all disclaimers and in particular, the Limitation of Liability section in our Terms of Use and Privacy Policy apply to your use of any system.