Trust Center

Security & Privacy

How SocPilot protects uploaded security data and analyst workflows.

AI Data Usage

  • SocPilot does not train public AI models on customer-submitted data.
  • Uploaded reports, screenshots, logs, and indicators are used only to provide platform functionality and analyst workflows.
  • Submitted data is not sold, shared for advertising, or repurposed outside of analyst-facing features.

Privacy-First Design

  • Privacy Mode is enabled by default across analyzer workflows.
  • Sensitive indicators (IPs, emails, hostnames, URLs, secrets) can be redacted before any AI processing.
  • Analysts remain in control of what is submitted, and may review redactions before sending data downstream.

AI-Assisted Analysis

  • SocPilot uses AI to assist with incident reporting and phishing analysis.
  • Results are intended to support, not replace, analyst judgment.
  • AI outputs may contain inaccuracies, omissions, or misclassifications.
  • Analyst review is recommended before acting on any AI output.

File & Screenshot Handling

  • Uploaded files and screenshots are used for static analysis only.
  • SocPilot does not execute uploaded files.
  • SocPilot does not automatically open suspicious links.
  • No malware detonation or sandboxing occurs.

Data Storage

  • Reports and uploaded artifacts are stored securely.
  • Authentication is required to access saved reports.
  • Users can delete saved reports and uploaded artifacts at any time.
  • Uploaded evidence is retained only to support analyst workflows and saved reports.
  • Redacted exports are available for external sharing scenarios.

Encryption & Transport Security

  • Data is encrypted in transit using HTTPS/TLS.
  • Sensitive data is protected during storage and access workflows.
  • Authentication is required for access to saved reports and analyst data.
  • API keys and secrets are handled server-side and never exposed to the browser.

Workspace & Access Isolation

  • Saved reports are scoped to authenticated user accounts and workspaces.
  • Users cannot access reports belonging to other accounts.
  • Protected backend workflows enforce row-level access controls on all analyst data.

Threat Intelligence Integrations

  • SocPilot may use third-party reputation services such as VirusTotal.
  • Reputation checks are supplemental signals, not verdicts.
  • Third-party services may process submitted indicators under their own terms.

Security Practices

  • Secure authentication for all analyst accounts.
  • Server-side API key handling — keys never reach the browser.
  • Protected backend functions with row-level access controls.
  • Principle of least privilege across data access paths.
  • Privacy-focused workflows from input to export.

Responsible Use

  • SocPilot is intended for defensive cybersecurity workflows.
  • Users are responsible for lawful and ethical use of the platform and its outputs.

Contact / Questions

Questions about security or privacy practices? Contact the SocPilot team.

SocPilot provides AI-assisted cybersecurity workflows and analysis tools. Analyst validation is recommended.