Security
Go Fig is SOC 2 Type II certified with enterprise-grade security. Your financial data is encrypted in transit and at rest. We operate under Zero Data Retention (ZDR) agreements with all AI providers — your data is never stored or used for training. PII is automatically scrubbed before reaching any AI provider. Role-based access controls, audit logs, and regular security assessments protect your information.
We take security seriously and invest heavily to protect your financial data.
At Go Fig, we set ourselves apart with our commitment to security and privacy. Trust is at the core of any strong partnership, and that is why we make it our top priority to build that trust.
Not only do we work tirelessly to ensure that Celeste, our AI analyst, gets you the right answer when you need it, but we also invest heavily to protect your data. We have systems in place to make sure that this will always be the case, as demonstrated by our SOC 2 Type II certification.
Our team works tirelessly to ensure the integrity, availability, and confidentiality of your data. In this page, you can find an in-depth exploration of our security practices, policies, terms of service and compliance commitments.
Zero Data Retention AI
Celeste is powered by three leading AI providers — Anthropic, Google, and OpenAI — all accessed exclusively through enterprise API tiers with Zero Data Retention (ZDR) guarantees. Your data is processed in-memory for a single request and immediately discarded. No AI provider ever stores, logs, or trains on your data.
PII scrubbing
Before any data reaches an AI provider, our input sanitizer automatically detects and redacts personally identifiable information — Social Security numbers, credit card numbers, email addresses, and phone numbers. The same protections apply to AI responses before they reach you.
Minimal data exposure
Celeste sends only structural metadata to AI providers: table names, column names, and metric definitions. Bulk row data, raw financial figures, and full query results never leave Go Fig infrastructure.
Full audit trail
Every AI interaction is logged with a complete audit trail — what was asked, which provider processed it, what data was sent, and what was returned. Enterprise customers can review these logs for compliance reporting.
Security Questions
Common questions about how Go Fig protects your data.
Where is my data stored?
Go Fig stores data only for customers who don't bring their own database. For these customers, data is stored in Google Cloud Storage buckets in the US region across multiple availability zones. All data is tenant-isolated and encrypted both at rest and in transit.
Who can access my data?
Only users you explicitly authorize can access your data. Go Fig employees may access your data when necessary to help resolve issues or respond to support requests. All access is logged and auditable.
Do you sell or share customer data?
Never. Your data is your data. We do not sell, share, or use customer data for any purpose other than providing the Go Fig service. Your financial data is 100% confidential. We may use anonymized, aggregated usage patterns to improve our platform, but your financial data is never used to train AI models.
What happens to my data if I cancel?
Upon cancellation, you can export all your data in standard formats. After 30 days, all data is permanently deleted from our systems, including backups. We provide written confirmation of data deletion upon request.
Is Go Fig SOC 2 certified?
Yes. Go Fig is SOC 2 Type II certified. Our security controls have been audited and verified by an independent third party. You can access our security documentation and certification details through our Trust Center.
How do you handle data breaches?
We have a comprehensive incident response plan. In the unlikely event of a breach, we notify affected customers within 72 hours, provide detailed information about the impact, and take immediate remediation steps. We carry cyber liability insurance for additional protection.
Which AI providers does Go Fig use?
Celeste, our AI analyst, is powered by Anthropic (Claude), Google (Gemini via Vertex AI), and OpenAI (GPT). All providers are accessed exclusively through enterprise API tiers with Zero Data Retention guarantees. We never use consumer-tier API endpoints.
What is Zero Data Retention (ZDR)?
Zero Data Retention means your data is processed in-memory for the duration of a single AI request and immediately discarded. The AI provider never stores, logs, or trains on your data. All three of our AI providers contractually guarantee ZDR for their enterprise API tiers.
What data does Celeste send to AI providers?
Celeste sends only structural metadata — table names, column names, metric definitions, and a limited number of sample values. Before any data reaches an AI provider, personally identifiable information (SSNs, credit cards, emails, phone numbers) is automatically detected and scrubbed. Bulk row data, raw financial figures, and full query results are never sent to external AI providers.