# Trust & Security - SOC 2 Type 2, Privacy, and Data Controls | Cor > How Cor protects your customers' sessions: SOC 2 Type 2 certified, Privacy Mode, automatic PII redaction, configurable data retention, full audit trails, explicit user consent, and dedicated Enterprise infrastructure. URL: https://getcor.ai/trust-security SOC 2 Type 2, granular privacy, retention, and access controls, and full audit trails - governance built into Cor from day one. ## Hero - Governance and security, ready before your security team asks. SOC 2 Type 2, granular privacy, retention, and access controls, and full audit trails - governance built into Cor from day one. ## Trust badges - **SOC 2 Type 2** - **Privacy Mode** - **User Consent** ## SOC 2 Type 2 Certified. Our SOC 2 Type 2 certification verifies that our data handling, access controls, and incident response protocols hold up under real-world scrutiny - and we make it easy for your security team to confirm that for themselves. - **Full SOC 2 Type 2 report available to customers and prospects under NDA.** - **Full subprocessor list available upon request.** - **Security review calls and completed customer security questionnaires on request.** ## The dials are yours. Privacy, redaction, retention. - **Privacy Mode.** When Privacy Mode is enabled, Cor does not record the session - no video, no audio, just a redacted transcript. Obi still guides the customer flawlessly, discarding all sensitive data on the go. - **PII Redaction.** Customer data stays in the session - it does not enter your logs. Cor automatically detects and redacts personal information before transcripts are saved. - **Data Retention.** You decide how long the data lives - we handle the deletion. Choose 30 days, 90 days, a year, or a custom window that matches your compliance requirements. ## Nothing happens without your customer's explicit permission. - **1. Share screen.** User-initiated, every time. Obi cannot see anything until the customer chooses to share. Screen sharing only begins when they click to allow it - never silently in the background. - **2. Confirm action.** Before Obi clicks, types, or completes a step on their behalf, the customer confirms it. They stay in the driver's seat - Obi proposes, they approve. - **3. End session.** The customer ends the session at any time. The connection drops immediately, the screen share stops, and no background access remains. Their control is absolute, from the first second to the last. ## Trust & Security FAQs ### Is the SOC 2 Type 2 report available? Yes. We provide the full report under NDA to enterprise prospects and customers. Simply request it on your demo call or contact us directly at team@getcor.ai. ### Does Cor store raw screen content permanently? No. Screen content is processed in real-time during the session. We only store the structured output - the transcript, the report, and the video recording (if enabled). ### How does your PII redaction work? Cor runs automated detection across session transcripts before storage. Common sensitive patterns - names, emails, phone numbers, financial identifiers - are identified and replaced with placeholders. The original data is not saved. ### What happens if a customer revokes consent mid-session? The session ends immediately, and no further data is captured. Any data captured prior to that moment follows your account's standard retention policy. ### How are full audit trails of every session delivered? Every session is logged in Cor Admin - the transcript, the structured report, and (when enabled) the recording are captured against the user, account, and timestamp. Your team can review or export those logs at any time, giving security and compliance the full audit trail they need. ### Do you use third-party subprocessors? Yes. A list of our subprocessors is available upon request. ### What happens to our data if we cancel? All session data is permanently deleted within 30 days of account closure. We are happy to provide written confirmation of this deletion upon request. ## Bottom CTA Built so security reviews go fast. Obi is built secure from day one - SOC 2 Type 2, end-to-end encryption, granular controls, and full audit trails. Everything your security and compliance teams need to sign off, ready before they ask.