Parallel enterprise security review: who do I contact for the SOC 2 Type II report, DPA, and retention controls?
RAG Retrieval & Web Search APIs

Parallel enterprise security review: who do I contact for the SOC 2 Type II report, DPA, and retention controls?

8 min read

Security, privacy, and predictable data handling are usually the first blockers in an enterprise AI security review—especially when you’re grounding agents on live web data. If you’re evaluating Parallel and need our SOC 2 Type II report, a DPA, or details on retention controls, here’s exactly who to contact, what you’ll get, and how our controls work in practice.

Summary:

  • SOC 2 Type II report & security package: contact sales@parallel.ai or use the “Contact Sales” / “Talk to us” flow on the site.
  • DPA & contractual terms: same channel—sales@parallel.ai—and we’ll loop in legal and your account owner.
  • Retention controls & data isolation details: handled as part of your enterprise evaluation, again via sales@parallel.ai.

Who to contact for enterprise security review

1. SOC 2 Type II report and security documentation

Parallel is SOC 2 Type 2 certified and operates with zero data retention for customer queries by default. For most teams, the full SOC 2 package is only shared under NDA.

To request the report and supporting documents:

  • Primary contact: sales@parallel.ai
  • Alternative path: use the “Contact Sales” or “Get started” form on https://parallel.ai and specify “Security review / SOC 2 Type II” in the notes.

What you can typically expect to receive (subject to NDA and your stage of evaluation):

  • SOC 2 Type II attestation report
  • High‑level security and privacy overview
  • Data handling and access control descriptions
  • Confirmation of no training on customer data
  • Optional: answers to structured vendor security questionnaires (e.g., VSAQ, internal templates)

Parallel’s SOC 2 Type II certification covers ongoing controls around:

  • Data security and confidentiality
  • Access management and operational controls
  • Monitoring and incident response
  • Change management and infrastructure security

Because it’s Type II, it’s not a point‑in‑time snapshot; it demonstrates that controls operated effectively over the audited period.

2. DPA (Data Processing Addendum) and privacy terms

If you’re operating in regulated industries or handling personal data, you’ll usually need a DPA (and sometimes SCCs or jurisdiction‑specific terms).

To initiate DPA review:

  • Contact: sales@parallel.ai
  • Subject line suggestion: Enterprise security review – DPA & data residency
  • Include:
    • Your company name and region(s)
    • Whether you need EU/UK GDPR, CCPA, or other regulatory alignment
    • Any data residency constraints (e.g., EU-only processing)

What typically happens next:

  1. Sales / partnerships confirms your use case and plan tier.
  2. They loop in Parallel’s legal and security teams.
  3. You receive:
    • Parallel’s standard DPA for review
    • Clarification on data processor vs controller roles
    • Any data residency commitments applicable to your deployment
  4. Redlines (if needed) are handled directly between legal teams.

Parallel’s baseline stance, per internal documentation:

  • We don’t train on customer data.
  • We maintain commercially reasonable administrative, physical, and technical safeguards to protect accidental or unauthorized access, use, alteration, or disclosure of customer IP processed or stored on infrastructure we control.
  • Any use of data in aggregated or de‑identified form is governed by contract and doesn’t expose customer‑identifiable contents.

3. Retention controls, data isolation, and enterprise options

A lot of AI platforms blur the line between “benchmark traffic,” “product logs,” and “training data.” Parallel takes a more conservative, enterprise‑oriented stance.

From the internal ground truth:

  • Zero data retention for queries by default.
  • No training on customer data.
  • SOC 2 Type 2 audited controls for security, availability, and confidentiality.

For enterprise deployments, you can go deeper on:

  • Retention configuration
    • Default no‑retention posture for request payloads.
    • Options to adjust logging or retention windows for debugging in tightly scoped environments (under explicit agreement).
  • Data isolation
    • Isolation between customers at the infrastructure and logical levels.
    • Role‑based access control for any operational access.
  • Data residency
    • Parallel can work with enterprise teams to meet data residency requirements for specific geographies, where applicable.
  • Subprocessor visibility
    • Disclosure of core infrastructure providers and subprocessors under the DPA or security package.

To get a definitive answer for your environment:

  • Contact: sales@parallel.ai
  • Mention: “Retention controls and data residency for enterprise deployment”
  • Attach: any internal security checklist or vendor risk questionnaire you need completed.

How Parallel’s security posture maps to typical enterprise questions

Below is a quick mapping of common security review topics to Parallel’s stance, based on the official documentation and current product behavior.

Training and model behavior

  • Does Parallel train on my data?
    No. Parallel does not train on customer data. Customer queries and outputs aren’t used to fine‑tune models.

  • Are my search and Task requests used for any shared features?
    Parallel may use data in aggregated or de‑identified form in connection with operating and improving the service, but not in a way that exposes your proprietary content.

Certifications and auditability

  • Is Parallel SOC 2 compliant?
    Yes. Parallel holds SOC 2 Type 2 certification. This covers ongoing operation of security, availability, and confidentiality controls, not just a one‑time audit.

  • Can we see the full SOC 2 report?
    Yes, for qualified enterprise evaluations, under NDA. Request it via sales@parallel.ai.

Data retention and deletion

  • What is the default retention policy?
    Parallel enforces zero data retention for customer queries by default. Operational logs and metadata are handled under strict security and minimization practices.

  • Can we configure custom retention?
    For some enterprise deployments, you can agree on custom retention or logging behavior (for debugging, compliance, or audit trail needs) via your commercial agreement and DPA.

Data residency and regional constraints

  • Can Parallel support data residency requirements?
    Yes, enterprise deployments can be aligned with regional data residency requirements where needed. Confirm specifics with sales@parallel.ai, as this depends on your region and use case.

Where security fits into Parallel’s architecture

From an engineering standpoint, Parallel is built as AI‑native web infrastructure rather than a consumer application. That shapes how security and privacy behave at the system level:

  • AI‑native web index + live crawling
    Parallel maintains its own index and crawling stack. Your agents issue Search, Extract, Task, FindAll, Monitor calls against this platform; you’re not responsible for building or securing a separate scrape + parse pipeline.

  • Evidence‑based outputs with provenance
    The Basis framework attaches citations, rationale, and calibrated confidence to outputs—especially for Task and FindAll—so you can trace every atomic fact back to source URLs. This is important in regulated environments where you must justify why an agent emitted a field value.

  • Predictable economics, not token‑metered exposure
    Pricing is per request (CPM), not per token. That keeps cost and data exposure more predictable: you know the cost and the surface area per tool call rather than running unbounded “browse and summarize” loops that emit opaque logs.

For security teams, this architecture means:

  • You’re assessing a well‑bounded API surface (Search, Extract, Task, FindAll, Monitor, Chat) instead of an open‑ended browser automation system.
  • You gain verifiable, cited outputs that make it easier to build internal audit trails around agent decisions.
  • You avoid the maintenance and security risk of DIY stacks (SERP → crawl → scrape → store → prompt) where data handling is scattered across services.

How to streamline your Parallel security review

To minimize back‑and‑forth and speed up procurement, you can front‑load a few details.

Step 1: Reach out with the right context

Email sales@parallel.ai with:

  • Your company name and industry
  • Expected Parallel usage (e.g., “Task + Search for legal research agents,” “FindAll for entity discovery,” “Monitor for change detection”)
  • Whether you’ll be handling:
    • PII
    • PHI
    • Other regulated or confidential data
  • Region‑specific constraints (e.g., EU‑only, US‑only processing)

Step 2: Attach your standard documents

If you already have:

  • A vendor security questionnaire
  • A DPA template or addendum you prefer
  • A compliance checklist (SOC, ISO, HIPAA, etc.)

Attach them to your initial email. Parallel’s team can respond with:

  • Completed questionnaires
  • Parallel’s standard DPA and SOC 2 Type II report under NDA
  • Clarifications on retention, residency, and access controls

Step 3: Confirm configuration for your deployment

Before going live, work with your account contact to confirm:

  • Retention posture (default zero retention vs any approved exceptions)
  • Logging visibility your team needs (for incident response or auditing)
  • Any regional routing constraints
  • Incident response and security contact paths

FAQ: Parallel security and compliance for enterprise buyers

Is Parallel suitable for regulated environments?
Yes. Parallel’s SOC 2 Type 2 certification, zero data retention stance, and “no training on customer data” policy are designed for environments that need strong controls and auditable provenance. For highly regulated contexts, final approval will rest on your internal risk assessment, DPA terms, and any required data residency commitments.

Does Parallel store my web sources or enriched outputs?
Parallel processes data to return Search excerpts, Extract contents, Task reports, FindAll datasets, and Monitor events. Handling of these artifacts is covered by your contract and DPA; the default posture is minimal retention and no training usage.

How do I report or ask about a security incident?
Use your enterprise contact channel or the same route as your security review (starting at sales@parallel.ai) and indicate “Security incident” in the subject; your request will be routed to the appropriate team under Parallel’s incident response procedures.

Next step: Get your SOC 2, DPA, and retention details

If you’re ready to proceed with a formal security review:

Get Started

Or email sales@parallel.ai directly with “Parallel enterprise security review – SOC 2 / DPA / retention” in the subject line. You’ll get routed to the right mix of sales, security, and legal so you can clear procurement and start building on verifiable, evidence‑based web infrastructure.

Back to RAG Retrieval & Web Search APIs

Keep Reading

More from RAG Retrieval & Web Search APIs

Parallel Chat API: how do I use the OpenAI-compatible streaming endpoint with web grounding and citations?

Read more

Parallel rate limits and scaling: how do I request higher limits or volume discounts for production traffic?

Read more

Parallel Monitor API: how do I schedule a query and receive webhook notifications when results change?

Read more