Security Documents

Management Summary

1. Data Usage: We do not share any insights gained from a customer with other customers, nor do we use it to train our systems.

2. Personal Information: We do not collect personally identifiable information (PII). The data we gather includes account names and first names for personalization purposes.

3. Compliance: Cast is compliant with SOC 2 and SOC 3 standards, ensuring robust security controls are in place.

4. Data Masking: We employ Large Language Model (LLM) masking techniques to prevent our models from learning or retaining customer-specific data.

5. Third-Party AI Services: We exclusively utilize third-party AI services that uphold stringent data privacy and usage policies. These services ensure that data submitted through their APIs is not used to train their models, thereby maintaining the confidentiality of your information.

6. Encryption: We implement strong encryption protocols to protect data both at rest and in transit, ensuring that your information is secure during storage and transmission.

7. Access Control: We have strict access control policies in place to ensure that only authorized personnel have access to sensitive information, minimizing the risk of unauthorized access.

---

Table of contents

• Cast Service Level Agreement
• Cast Encryption and Key Management Policy
• Cast Password Policy
• Cast Access Control and Termination Policy
• Cast Acceptable Use Policy
• Cast Change Management Policy
• Cast Business Continuity and Disaster Recovery Plan
• Cast Code of Conduct
• Cast Vulnerability and Patch Management Policy
• Cast Vendor Management Policy
• Cast Privacy Policy
• Cast Disaster Recovery SLA for RPO and RTO
• Cast Encryption of Data at Rest and in Transit
• Data Protection Impact Assessments
• Cast GDPR Compliance Statement
• Cast.app’s Statement on Ethical and Responsible AI Development
• Cast WCAG 2.2 level AA Legal Compliance