Ali Dastjerdi

Sep 24, 2025

Raylu SOC 2 Compliance for Institutional-Grade AI

Artificial intelligence is rapidly becoming the decision fabric of private markets—shaping how opportunities are sourced, diligence is conducted, and conviction is built. In a domain defined by fiduciary duty and information sensitivity, AI only works if it is trustworthy.

At Raylu, trust isn’t a feature—it’s the operating system. We build for environments where control, auditability, and accountability are non-negotiable.

We’re pleased to share that Raylu is SOC 2 compliant, reflecting our alignment with the AICPA Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. This milestone affirms that our controls, processes, and safeguards are designed for the standards investment institutions expect.

Why This Matters for Private-Market Teams

Compliance is not a badge on a status page; it’s what lets CIOs, operating partners, and deal teams move faster without widening their risk surface. SOC 2 compliance validates that Raylu’s platform is engineered to keep sensitive data protected while delivering the speed and lift modern sourcing requires.

What’s in Scope

Our SOC 2–aligned controls span the full Raylu stack:

  • Sourcing & Research Copilots
    Guardrails for accuracy and auditability, with role-based permissions mapped to least-privilege access

  • Data Ingestion & Orchestration
    Change management, repeatable evaluations, and drift monitoring—so enrichment pipelines remain stable, observable, and reviewable

  • Integrations & Lineage
    Encryption in transit and at rest, granular access controls, source-level permissions, and end-to-end data lineage for traceability

  • Governance & Oversight
    Written policies, risk assessments, and continuous monitoring across engineering, product, and go-to-market workflows

Our Non-Negotiables on Data

Your proprietary information is an asset, not model fodder.

  • No training on your data. Raylu does not use customer data to train models.

  • Zero data retention at our AI providers. We maintain enterprise zero-retention agreements.

  • Strong identity and encryption. Access via SSO, MFA, and end-to-end encryption by default.

Responsible AI, Built In

The promise of AI is only as good as its provenance.

  • Source-grounded outputs. Our AI cites its evidence so users can verify the “why,” not just the “what.”

  • Validation & Monitoring. Structured evaluations, continuous quality checks, and human-in-the-loop feedback maintain reliability over time.

  • Separation of concerns. Clear boundaries between data ingestion, enrichment, and model orchestration simplify audits and reduce risk.

The Standard We Hold Ourselves To

SOC 2 compliance is a waypoint, not a finish line. We will keep investing in controls, evidence collection, and third-party reviews to meet the evolving expectations of CISOs, CTOs, and compliance leaders across private equity, growth, and venture.

If you’d like a deeper dive—reference architecture, control mappings, or our shared-responsibility model—we’re happy to brief your security and IT teams.

Ali Dastjerdi
Co-Founder & CEO, Raylu

Schedule a demo

To see how Raylu can help your firm

Raylu

© Copyright 2025 Raylu, Inc. All rights reserved.
