Security, Privacy, and Compliance at Dreamwave.

We protect your workforce's digital identity with enterprise-grade encryption, strict data sovereignty, and isolated infrastructure.

Compliance Artifacts

Security Architecture & Controls.

Detailed overview of our encryption, infrastructure isolation, and SDLC practices.

DPA & GDPR Terms.

Standard contractual clauses for data processing, tailored for EU and California (CCPA) compliance.

Sub-processor List.

Full transparency on third-party vendors (AWS, Stripe) and data residency.

View List

Vulnerability Assessment.

Letter of attestation regarding our latest automated vulnerability scans and remediation policies.

Built on SOC 2 Type II Certified Infrastructure (AWS + GCP).

Data Isolation

Customer data logically separated

Dreamwave Private Cloud

AES-256 Encryption at Rest

AWS + GCP

Physical Security & Networking (SOC 2 Type II)

TLS 1.3

in Transit

Encryption

Hourly

Automated Snapshots

Backups

US-East

(Virginia) Only

Residency

Your Face is Your Data.

Dreamwave is a closed-loop system. Unlike consumer AI tools, we enforce a strict firewall between customer data and model training.

  • We do not use your photos to train public foundation models.
  • We do not claim ownership of generated likenesses.
  • Biometric input data is permanently deleted after 30 days. Enterprise customers can set a custom data retention policy.
📷

Your Photos

Encrypted

🖼️

Headshots

🚫NO DATA TO PUBLIC MODELS
Auto-deletion after30 DAYS

Security FAQ

Security Researcher? Found a bug?

security@dreamwave.ai