Last updated: May 2026 · Questions? terry@sowaudit.com
Your SOW data is encrypted in transit and at rest. It is never sold, never shared with third parties, and never used to train AI models. Only you can access your audit history. Our infrastructure partners are SOC 2 Type II certified.
We do not collect payment card data — all billing is handled by Stripe, which is PCI DSS Level 1 certified.
When you submit a SOW for analysis, the text is sent over an encrypted HTTPS connection to our servers, then passed to the Anthropic Claude API for analysis. The findings are returned and stored in your account so you can access your audit history and re-download reports.
Your SOW text is stored in your account only. No SOWaudit staff member reviews your SOW content. No other user can access your data. We do not use your SOW text for any purpose other than generating your audit report.
Anthropic's API usage policy prohibits using API inputs to train their models. Your data is not used to train any AI.
SOWaudit is built on enterprise-grade infrastructure. All components are SOC 2 Type II certified or equivalent.
Your audit history and SOW data is retained as long as your account is active. You can delete individual audits from your history or delete your entire account at any time from account settings. Account deletion is immediate and permanent — all associated data is removed from our systems.
SOWaudit does not sell, rent, or share your data with third parties for marketing or any other commercial purpose. The only third parties that receive any portion of your data are the infrastructure providers listed above, solely for the purpose of operating the service.
If you have a security question, a data request, or want to report a vulnerability, reach out directly.
Terry Reese — Founder, SOWaudit
Email: terry@sowaudit.com
We respond to all security inquiries within 1 business day.