TRUST

Compliance

Expert Assist is a consulting firm. The solutions we build run inside your own Microsoft 365 and Azure environment, so your data stays under the security, compliance, and governance controls you already have.

Inherits M365 controls

Where your data stays

Expert Assist doesn’t centralize your data on our own systems. The solutions we build, including the private-cloud AI we deploy through our partner Findable, run inside your Azure tenant and read from your existing SharePoint, OneDrive, and Microsoft 365 surfaces. That means your organization’s existing certifications, conditional access policies, data residency selections, audit logging, and DLP controls already apply to the documents Findable retrieves and grounds responses on.

This deployment model is intentional. It moves the compliance perimeter to where customers already have evidence, controls, and auditors.

What customers inherit from Microsoft 365

By keeping content in SharePoint and OneDrive and identity in Entra ID, your organization can rely on Microsoft’s broad certification posture and native compliance tooling, including:

  • Microsoft Purview for sensitivity labels, retention policies, data loss prevention, eDiscovery, and audit log search.
  • Entra ID conditional access, MFA, privileged identity management, and sign-in risk policies.
  • Customer Lockbox, Customer Key, and tenant-level data residency selections.

The solutions we deploy respect the access decisions made in those systems. If a user can’t open a file in SharePoint, our tools won’t surface it to them in a chat or recommendation.

Security baseline

The application is built against a documented internal control baseline that covers encryption in transit and at rest, least-privilege service identities, centralized audit logging, dependency and secret scanning, and regular code review. For a deeper look at the architecture and identity model, get in touch.

Penetration testing and vulnerability management

The platform we deploy engages independent third parties for application penetration testing and runs continuous automated dependency and container scanning. Critical findings are tracked to closure under documented SLAs.

Subprocessors

The platform uses a small number of subprocessors (cloud infrastructure, email, support tooling, error monitoring). A current list is available on request and is provided to customers under NDA.

Requesting documentation

Customers and prospects can request our current security overview and subprocessor list by emailing trust@expertassist.com.

Status as of June 2026. This page describes how Expert Assist, as a consulting firm, approaches data security and compliance. Contractual commitments are governed by your agreement with Expert Assist.