Security & Compliance

Compliance & Trust

We believe transparency about security and compliance is a feature, not a footnote. Here is exactly where MyAIConsent stands today — honestly.

Last updated: March 2026

Compliance Overview

Our current status across major security and compliance frameworks:

  • GDPR (EU data protection regulation): 95%, ✓ Compliant
  • ISO 42001 (AI management system standard): 55%, ⟳ In Progress
  • SOC 2 (SaaS security compliance audit): 35%, ⟳ In Progress
  • HIPAA (US healthcare data protection): 30%, ◎ Roadmap

GDPR — 95%

General Data Protection Regulation

✓ Compliant

The General Data Protection Regulation applies to any platform that processes the personal data of people in the EU, regardless of where the platform is based. Even for a company based in Melbourne, GDPR applies as soon as a European user signs up.

What we have

  • Published privacy policy
  • Session-only cookies — no tracking, no advertising, no third-party pixels
  • HTTPS throughout — all data encrypted in transit
  • Two-factor authentication for all email/password users
  • Data deletion — users can delete twins, files, and their entire account
  • Data export — users can download all their personal data as a ZIP file
  • Audit logs — all admin actions recorded
  • Content never used for AI training — retrieval-augmented generation (RAG) only, your data stays yours
  • Rate limiting on all endpoints

What is missing

  • Data Processing Agreement template for enterprise customers

"At 95%, MyAIConsent is GDPR compliant for standard B2B use cases. The remaining 5% is a legal document, not a feature."

ISO 42001 — 55%

AI Management System Standard

⟳ In Progress

ISO/IEC 42001 is the AI management system counterpart to ISO/IEC 27001. Published in 2023 specifically for organisations that develop or use AI systems, it covers responsible AI, bias management, transparency, and human oversight.

What we have

  • Human oversight (users control their own content)
  • Transparency (users know what AI model is used)
  • Content consent layer (the name of the platform)
  • No training on user data
  • Audit logs

What is missing

  • Formal AI risk assessment
  • Bias monitoring
  • Documented AI governance policy

"Consent-first architecture is ISO 42001 alignment by design. The remaining gaps are documentation, not architecture."

SOC 2 — 35%

Service Organization Control 2

⟳ In Progress

The gold standard for SaaS security compliance. It requires an independent auditor's report on security controls against the AICPA Trust Services Criteria: security is always in scope, with availability, confidentiality, processing integrity, and privacy added as the customer base demands.

What we have

  • Audit logs
  • Role-based access controls
  • Two-factor authentication
  • Rate limiting
  • HTTPS
  • Data isolation between users

What is missing

  • Formal written security policies
  • Penetration testing
  • Incident response plan
  • Vendor risk assessments
  • Independent audit and certification

"SOC 2 certification costs $20,000–$50,000 and takes 6–12 months. It is a milestone for when the platform reaches $50K+ MRR."

HIPAA — 30%

Health Insurance Portability and Accountability Act

◎ Roadmap

The US standard for protecting health information (PHI). It is the hardest of these frameworks to reach without enterprise vendor support and a dedicated compliance budget, because every vendor that touches PHI must sign a Business Associate Agreement.

What we have

  • HTTPS in transit
  • Audit logs
  • Role-based access controls
  • Data deletion capability
  • Data encryption at rest (field level)

What is missing

  • Data encryption at rest (database level)
  • Business Associate Agreements with Anthropic, OpenAI, Pinecone
  • Formal risk assessment
  • Incident response and breach notification plan
  • Dedicated Privacy Officer

"If you are a healthcare provider wanting to handle PHI — I respect you too much to pretend we are ready. Let us talk about a white-label partnership instead."

Questions about compliance?

If you are evaluating MyAIConsent for enterprise use, regulated industries, or have specific compliance requirements — reach out directly.

Contact Us