Wolfia Trust Center Trust Center

We help sales, security, and support teams get answers in seconds without depending on subject-matter experts. Our AI agent connects to every source that already holds the truth (Google Drive, Notion, Slack, email, website, trust center, SOC 2 docs, etc.). It keeps that knowledge graph fresh on its own and drafts, validates, and formats responses to customer questions, security questionnaires, and RFPs, all in the background, so your team just reviews and ships.

Powered by Wolfia. Review compliance certifications, security policies, subprocessors, and request access to detailed documentation.

Skip to main content
Wolfia Trust Center

Wolfia Trust Center

We help sales, security, and support teams get answers in seconds without depending on subject-matter experts.

Our AI agent connects to every source that already holds the truth (Google Drive, Notion, Slack, email, website, trust center, SOC 2 docs, etc.). It keeps that knowledge graph fresh on its own and drafts, validates, and formats responses to customer questions, security questionnaires, and RFPs, all in the background, so your team just reviews and ships.

security@wolfia.com

Documentation

Featured

Web Application and API Penetration Test Report
Certificate of Liability Insurance
Wolfia Architecture Diagram
Wolfia Platform Security Overview
SOC 2 Type 2 Report

Subprocessors

Amazon Web Services
Amazon Web Services · United States
Primary cloud-hosting and infrastructure platform and AI services
Microsoft Azure
Microsoft Azure · United States
Cloud infrastructure and AI services
Anthropic
Anthropic · United States
LLM inference via Claude API
Google
Google · United States
LLM inference via Gemini API
OpenAI
OpenAI · United States
LLM inference via OpenAI API

Controls

Access control

Robust identity and permission safeguards prevent unauthorized system access and enforce least-privilege principles

Single sign-on integration
Role-based least privilege
Single sign-on support
Principle of least privilege
Quarterly access reviews
Automated SCIM provisioning
Role-based access control
Automated user provisioning
Formal onboarding and off-boarding
Encrypted administrative access
Annual access reviews
Segregated administrator accounts
Rapid de-provisioning
Encrypted production access
Multi-factor authentication
Data security

Encryption, retention and classification controls protect customer information throughout its lifecycle

Encryption at rest
Encryption in transit
Data retention and deletion policy
Full-disk workstation encryption
Data classification policy
Data classification program
Data classification scheme
Secure retention and disposal
Full-disk encryption on endpoints
Secure data disposal
Customer data deletion on request
Full-disk device encryption
Automated, replicated backups
No training on customer data
Application security

A mature secure development lifecycle and continuous testing keep the platform resilient against software threats

Secure development policy
Annual third-party penetration testing
Secure development lifecycle
Static and dynamic code analysis
Dependency vulnerability scanning
Mandatory peer code reviews
Automated dependency scanning
Penetration testing program
Annual penetration testing
Web application firewall
Mandatory code reviews
Secrets exposure remediation SLA
Trusted container images
Container image hardening
Trusted container registry
Deployment approval workflow