Question 1

Is gStride AI SOC 2 compliant?

Accepted Answer

gStride AI is SOC 2 Type II in active scoping with our auditor; report expected Q4 2026. Day-one controls are already implemented — least-privilege role-based access, encrypted backups, change-control workflow, vendor risk register, and quarterly security review. Enterprise customers can request the current bridge letter, gap assessment, and policy pack under NDA via security@gstride.ai. The honest shipped-versus-roadmap view is on the coverage matrix.

Question 2

Is gStride AI GDPR compliant?

Accepted Answer

Yes. gStride processes employee productivity data under documented lawful purposes (legitimate interest plus contractual necessity), supports data principal rights (access, rectification, erasure, portability) within scope, and runs per-feature opt-in monitoring with worker notice at engagement start. The platform supports configurable retention windows by data class and a published DPA available to all paid customers. For deployer obligations under Article 26 of the EU AI Act, the same per-feature opt-in plus audit-trail model applies — both posture documents are reviewable on request.

Question 3

Does gStride AI support SSO and SAML?

Accepted Answer

Yes — SAML 2.0 and OIDC are native on Pro and Enterprise plans. Tested identity providers include Okta, Microsoft Entra ID (Azure AD), Google Workspace, OneLogin, and JumpCloud. SCIM 2.0 user provisioning is available on Enterprise for automated joiner-leaver-mover flows. MFA can be enforced at the IdP layer (recommended) or as a fallback at the gStride layer for accounts not behind SSO. Role assignment maps from IdP groups so an HR-system role change propagates without a manual re-grant.

Question 4

Where is my data stored, and can I choose the region?

Accepted Answer

Production data sits in Microsoft Azure regions — primary in West Europe (Netherlands) for EU customers, Central India (Pune) for India and APAC, and East US 2 (Virginia) for US customers. Region selection is configurable at the tenant level on Enterprise plans with a one-time setup; the chosen region is bound for the life of the tenant. Backups are encrypted with AES-256 at rest and replicated within-region only. India tenants are anchored in Pune for DPDP locality preference; EU tenants are anchored in Netherlands so personal data does not leave the EEA without a documented transfer mechanism.