Trust & Security

We understand that trust is earned. As a new company, we're committed to complete transparency about our security, certifications, and how we protect your most sensitive data.

Why Trust Matters

We know you're considering giving us access to your most sensitive data: emails, calendar, video calls, and team chats. That's a significant decision, and we take that responsibility seriously.

As a new company, we understand the concerns. That's why we're building with transparency, security-first architecture, and a commitment to earning your trust every day.

Who We Are

Founder Background

Jordan Strande, Founder & CEO, has academic credentials from Colorado State University and previously led AI R&D at SpinFlow AI. We're building on real experience, not just promises.

Company Location

Based in Lakewood, Colorado, USA. We're a real company with a physical presence, not a faceless entity. You can reach us at contact@nurallabs.com or visit our office.

Building in Public

We're committed to transparency. Follow our progress on GitHub, LinkedIn, and Twitter. We share updates, answer questions, and welcome feedback.

Security & Certifications

SOC 2 Principles

Our platform is designed to SOC 2 and GDPR principles. We are beginning our official SOC 2 Type 1 audit process in Q1 2026. We're built on secure-by-design cloud infrastructure that meets SOC 2 requirements.

Status: Designed to SOC 2 principles, audit beginning Q1 2026

GDPR Principles

We're designed with GDPR principles from day one. You control your data, can export it anytime, and can request deletion. Our architecture follows GDPR requirements for data protection and privacy.

Built for international compliance

End-to-End Encryption

Your data is encrypted at-rest (AES-256) and in-transit (TLS 1.2+). Your conversations, files, and sensitive information are protected with enterprise-grade encryption.

Technical Security Details

Data Encryption

  • At-Rest Encryption: All data stored in our systems is encrypted using AES-256 encryption.
  • In-Transit Encryption: All data transmitted between your devices and our servers uses TLS 1.2+ encryption.
  • Key Management: Encryption keys are managed securely and never stored alongside encrypted data.

Data Access Controls

  • Employee Access: Our employees cannot access your data. Access is restricted by default and only granted for specific support reasons with your explicit permission.
  • Role-Based Access: All access is logged and audited. Only authorized personnel with a legitimate business need can access data.
  • Zero-Knowledge Architecture: Where possible, we use zero-knowledge encryption so even we cannot decrypt your data without your keys.

Infrastructure Security

  • Cloud Infrastructure: We are built on secure-by-design cloud infrastructure (AWS/Google Cloud/Azure) that meets SOC 2 requirements and undergoes regular security audits.
  • Regular Security Updates: Our infrastructure is continuously monitored and updated with the latest security patches.
  • Disaster Recovery: We maintain regular backups and have disaster recovery procedures in place to ensure data availability.

Data Privacy Commitment

  • No Data Selling: We will never sell your data or use it to train models for other customers. Your data is yours alone.
  • No Third-Party Sharing: We do not share your data with third parties except as required by law or with your explicit consent.
  • Model Training: Your data is never used to train AI models for other customers. Each customer's AI learns only from their own data.

Data Control & Privacy

You Control What We Know

  • Selective Learning

    You choose which emails, conversations, and files the AI can access. Nothing is accessed without your explicit permission.

  • Data Export

    Export all your data at any time in standard formats. You own your data, always.

  • Deletion Rights

    Request complete data deletion at any time. We'll remove all your data from our systems within 30 days.

  • No Data Sharing

    We never sell your data. We never share it with third parties. Your data is yours alone.

Addressing Common Concerns

"You're a new company. Why should I trust you?"

We understand this concern. That's why we're building with transparency, security-first architecture, and open communication. We're not hiding behind marketing—we're showing you exactly who we are, what we're building, and how we protect your data. Every company starts somewhere, and we're committed to earning your trust through actions, not just words.

"How do I know your security claims are real?"

We're being transparent about our current status: we're designed to SOC 2 and GDPR principles and are beginning our official SOC 2 Type 1 audit process in Q1 2026. We're built on secure cloud infrastructure (AWS/Google Cloud/Azure) that meets SOC 2 requirements. We're also open to security audits from enterprise customers. Transparency means being willing to prove our claims, not just make them.

Our Path Forward: We're using compliance automation platforms (like Vanta or Drata) to systematically build our security controls and prepare for our SOC 2 audit. This is how modern tech companies efficiently achieve certification.

"What happens if you go out of business?"

Your data is always exportable. We've built data portability from day one. If you ever need to leave, you can export everything in standard formats. We're building for the long term, but we're also realistic—your data shouldn't be locked in.

Questions? We're Here to Answer

Trust is built through conversation. If you have questions about our security, our company, or how we protect your data, we want to hear from you.