Trust Center
Security and privacy are foundational to Journey.ai. This Trust Center is designed to streamline security reviews and provide transparency into our security posture and compliance program.
Security-first by design.
Journey enables regulated customer workflows—payments, authentication, forms, and documents—without exposing raw sensitive data to agents or AI systems. We take a security-first approach to how we build, deploy, and operate our platform.
Security Documentation
Depending on your review requirements, we can provide:
- SOC 2 report
- PCI DSS AOC
- Security policies and control summaries
- Penetration testing summary (and supporting documentation where appropriate)
- Subprocessor list
- Data protection and privacy documentation
High Level
Security Practices
- Strong encryption in transit and at rest
- Role-based access controls and least privilege
- Continuous monitoring and alerting
- Vulnerability management and regular testing
- Secure SDLC practices
- Incident response and business continuity planning
Privacy and data handling
Journey is designed to reduce exposure of sensitive inputs by keeping regulated data out of agent desktops, call recordings, transcripts, and AI model context whenever possible. We support customer requirements for privacy, retention, and routing to destination systems.
Subprocessors
We maintain a list of subprocessors used to deliver and support Journey.ai services. Subprocessor details are available upon request or through the security documentation package.
Report a vulnerability
If you believe you’ve found a security vulnerability, please contact us.
Interested
Want to speed up your security review?
Send us your security questionnaire or requirements list. We’ll provide the relevant documentation and set up time with our team if needed.
If you’re using Drata: Embed or link to your Drata Trust Center portal for document requests and NDA gating.