Security & Compliance
Data Privacy, Logging & Compliance
Immutable activity and conversation logs, retention controls, and SOC 2 / GDPR / HIPAA posture.
raia is designed for the security and privacy requirements of modern enterprises. Comprehensive audit trails and strict data protection standards keep your information secure, private, and compliant.

01
The Activity Log
Every significant action is recorded as a verifiable, time-stamped audit trail.
| Category | Examples |
|---|---|
| System Events | Agent creation/deletion, instructions saved, document uploads, configuration changes. |
| Access Events | User role changes, logins, API key generation. |
| Conversation Events | Conversations started/ended, human takeovers, escalations triggered, transcripts downloaded. |
02
Conversation Logs
| Capability | Detail |
|---|---|
| Immutable Records | Every message is time-stamped and associated with the relevant user and agent. |
| Transparency | Admins can view the full context of any interaction to detect anomalies or verify compliance. |
| Export & Integration | Logs export via CSV or stream to external systems via webhooks. |
03
Retention & Memory
Configurable Retention
Administrators set agent memory and chat-history retention to 30, 60, or 90 days, supporting data-minimization policies.
| Memory Mode | Behavior |
|---|---|
| Shared Memory | Stored information is accessible across all users — ideal for general FAQs. |
| Personal Memory | The agent stores and recalls information per individual user, enforcing strict memory privacy between users of the same agent. |
04
Compliance Standards
| Standard | Posture |
|---|---|
| SOC 2 Type II | Regular independent audits verify security, availability, and processing-integrity controls. |
| GDPR | Supports data subject rights — including deletion and export — and maintains data processing agreements. |
| HIPAA | HIPAA-compliant infrastructure with signed Business Associate Agreements (BAAs) for healthcare customers. |
Full corporate security policies (Information Security Policy, Incident Response Plan, Data Classification Policy) are published in the raia Trust Center.