Trust

Security you can put in front of sensitive data.

Sema is built so you can put AI in front of sensitive data with confidence. Governance, access control and auditability are core to the product — not bolt-ons.

SOC 2 Type II

In progress. Reach out for our current report status and timeline.

GDPR-ready

Data processing addendum available; EU data handling on request.

HIPAA on request

PHI is auto-classified and masked by role; BAA available for eligible plans.

Encryption

Encrypted in transit (TLS) and at rest. Credentials are never logged.

Access control

Role-based access, restricted-column masking, and per-workspace isolation.

Audit log

Every query, plan and config change is recorded to an append-only log.

Responsible disclosure

Found a vulnerability? We appreciate coordinated disclosure. Email security@semalayer.com.