Angler AI is committed to protecting customer data and operating in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Our data practices are designed around security, transparency, and responsible data use.
In January, Angler AI completed its SOC 2 Type 1 audit, marking a significant milestone in our security and compliance journey. This independent, third-party assessment validates that our security controls and system architecture are suitably designed to protect sensitive customer data in accordance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
Verified Security Design
The SOC 2 Type 1 audit confirms that Angler AI’s foundational infrastructure, internal policies, and security controls are appropriately designed to safeguard customer data. This includes controls related to access management, encryption, and incident response.
Established Compliance Baseline
The report provides immediate, formal evidence of Angler AI’s commitment to data integrity, confidentiality, and privacy. For customers undergoing vendor due diligence, Angler AI can provide a recognized, third-party attestation of its security posture.
Commitment to Operational Excellence
Building on this foundation, Angler AI plans to complete a SOC 2 Type 2 audit in the first half of 2026. While the Type 1 report validates that our controls are designed correctly, the Type 2 audit will assess their operational effectiveness over time, providing additional assurance that our security practices are consistently and reliably maintained in day-to-day operations.
When providing our services, Angler AI acts as a data processor on behalf of our customers. Our customers remain the data controllers and are responsible for determining lawful data collection, consent mechanisms, and end-user disclosures.
Angler AI processes data only in accordance with customer instructions, contractual obligations, and applicable laws.
We process only the data necessary to deliver, operate, and improve our services. Customer data is never sold or used for purposes unrelated to providing our services and is handled in accordance with documented business needs and legal requirements.
Angler AI’s data practices align with the core principles of GDPR, including:
We support our customers in meeting their GDPR obligations, including responding to verified data subject requests where applicable.
Angler AI expects that any personal data processed through our platform is collected under a valid legal basis, such as user consent or legitimate interest, as determined by our customers. Our systems are designed to support customer-managed consent and privacy frameworks.
We implement appropriate technical and organizational safeguards to protect data, including:
Access to customer data is limited to authorized personnel with a legitimate business need.
Data is retained only as long as necessary to meet contractual, legal, or business requirements. Customer data is securely deleted following contract termination or when it is no longer required. Personal data is deleted or de-identified once it no longer has a legitimate business use.
Angler AI maintains a formal incident response program to identify, contain, remediate, and document security incidents. Where required, we notify customers and relevant authorities without undue delay, in accordance with contractual commitments and applicable laws.
Angler AI may engage vetted third-party service providers to support service delivery. All subprocessors are required to meet security and data protection standards consistent with Angler AI’s internal policies.
For questions regarding our data practices, security controls, or privacy commitments, please contact:
privacy@getangler.ai
