LandingAI Agentic Document Extraction (ADE) gives regulated industries (financial services, healthcare, insurance, and legal) a certified path to extract data from documents without surrendering control of that data. ADE is SOC 2 Type II certified, GDPR-compliant via a dedicated EU deployment on AWS Ireland, and HIPAA-ready when Zero Data Retention (ZDR) and a Business Associate Agreement (BAA) are both active. This page details each certification, the deployment-by-deployment data flow, and the exact steps to enable ZDR, request a BAA, and route traffic to the EU endpoint.
Introduction
LandingAI Agentic Document Extraction (ADE) is designed for enterprise document workflows in regulated industries, including financial services, healthcare, insurance, and legal. This page covers the certifications, data privacy controls, and deployment options that apply specifically to ADE.
Compliance Certifications at a Glance
- SOC 2: LandingAI is SOC 2 Type II certified, independently audited against the AICPA trust services criteria for security, availability, and confidentiality.
- GDPR: LandingAI ADE is available in an EU-hosted deployment on AWS Ireland (eu-west-1), providing GDPR-compliant data residency for European customers.
- HIPAA: LandingAI supports HIPAA-compliant processing of Protected Health Information (PHI) when Zero Data Retention is enabled and a Business Associate Agreement (BAA) is in place.
- ZDR: When Zero Data Retention is enabled, documents processed by LandingAI ADE are handled in-memory and never stored at rest on LandingAI systems or by any subprocessor.
- Data model: LandingAI does not use customer data to train or improve its models when Zero Data Retention is active.
Certifications and Compliance Frameworks
SOC 2 Type II
LandingAI holds SOC 2 Type II certification, independently audited against the AICPA trust services criteria covering security, availability, and confidentiality. SOC 2 Type II differs from Type I in that it requires assessment over a sustained period rather than a single point-in-time review, demonstrating that operational controls function consistently. The SOC 2 report is available on request through the Trust Center.
GDPR
LandingAI ADE is available in a dedicated EU deployment hosted on AWS Ireland (eu-west-1), where all data is stored and processed within the EU. The EU deployment is accessed via a separate account at va.eu-west-1.landing.ai, with EU-specific API keys generated at va.eu-west-1.landing.ai/settings/api-key. The EU API base URL is api.va.eu-west-1.landing.ai. US and EU API keys are not interchangeable: a US key does not authenticate against the EU endpoint and vice versa. Zero Data Retention is available for EU customers on custom pricing plans.
HIPAA
LandingAI supports HIPAA-compliant processing of Protected Health Information (PHI) under two conditions that must both be active: Zero Data Retention (ZDR) must be enabled for the organisation, and a signed Business Associate Agreement (BAA) must be in place with LandingAI. LandingAI has the administrative, physical, and technical safeguards required under HIPAA. Customers who have not completed both steps must not use ADE to process PHI.
Zero Data Retention (ZDR)
When Zero Data Retention is enabled, LandingAI ADE processes documents entirely in-memory and discards all data immediately after extraction is complete. No document data is stored at rest on LandingAI systems or by any subprocessor. LandingAI does not use ZDR-processed data for model training or service improvement.
ZDR is an opt-in feature, not the default. When ZDR is not enabled, data retention is governed by the customer's agreement terms, and data may be used to provide and improve LandingAI services. ZDR applies to all API calls and Python library usage once activated at the organisation level. An optional toggle at activation time controls whether ZDR also applies to the ADE Playground UI. ZDR costs one additional credit per page processed.
ZDR Plan Availability
| Region | AWS Location | Plans with ZDR Available |
|---|---|---|
| US | Ohio (us-east-2) | Team and Enterprise |
| EU | Ireland (eu-west-1) | Custom pricing plans |
US users on Team plan can enable ZDR directly in Organisation Settings. To disable ZDR after enabling it, customers must contact support@landing.ai.
VPC Deployments
ADE is available as a containerised application deployable within a customer-managed Virtual Private Cloud on AWS, Azure, or GCP. In a VPC deployment, LandingAI has no access to customer data; zero data retention is inherent to this model. The customer is responsible for data retention controls within their own infrastructure and any subprocessors they integrate.
Business Associate Agreement (BAA)
A Business Associate Agreement is available from LandingAI for customers who need to process PHI under HIPAA. The BAA is required alongside ZDR: enabling ZDR alone does not satisfy HIPAA requirements. To initiate the BAA process, enable ZDR in Organisation Settings first. A BAA request form appears on the same settings page after ZDR is activated. BAA availability is tied to plans that support ZDR: Team and Enterprise in the US, and custom pricing plans in the EU.
Data Storage by Deployment Type
| Deployment | Data Location | LandingAI Access | ZDR Available | Data Used for Training |
|---|---|---|---|---|
| ADE SaaS (US) | AWS Ohio (us-east-2) | Yes | Yes (Team+) | No if ZDR on; per ToS if ZDR off |
| ADE SaaS (EU) | AWS Ireland (eu-west-1) | Yes | Yes (custom plans) | No if ZDR on; per ToS if ZDR off |
| ADE on Customer VPC | Customer-owned AWS, Azure, or GCP | No | Inherent | No |
| ADE on Snowflake Native App | Customer's Snowflake account | No | Inherent | No |
For enterprise SaaS customers, data is used only to deliver directed services. LandingAI does not share any customer data or model outputs with other customers.
Data Security Controls
Encryption: Data is encrypted in transit using TLS 1.2 or higher on all connections, and at rest using AES-256 encryption.
Data segregation: Customer data is logically separated from other customers' data in LandingAI's multi-tenant architecture.
Access controls: Role-Based Access Control (RBAC) provides granular permissions assignable to users and groups. Zero-trust network principles require strict verification including multi-factor authentication (MFA) and least-privilege enforcement for all access.
Audit logs: Immutable, comprehensive logs of critical user and system activity are maintained. LandingAI's security team actively monitors these logs for anomaly detection and threat investigation.
Subprocessors: LandingAI publishes a subprocessor list here. All subprocessors are security-assessed before use. When ZDR is active, subprocessors do not retain customer data.
Infrastructure: SaaS deployments run on AWS within an isolated Virtual Private Cloud. Independent third-party security firms conduct penetration testing on a regular schedule, continuous vulnerability scanning is in place, DDoS mitigation is active, and data backups are performed on an automated schedule with tested recovery procedures.
How to Enable Compliant Processing
Enable ZDR (US, Team / Enterprise plans)
- Log in at va.landing.ai/home.
- Go to Organisation Settings.
- In the Zero Data Retention section, click "Turn It On."
- Optionally select "Also apply to Playground UI."
- Click "Enable Zero Data Retention."
Initiate a BAA (required for HIPAA and PHI processing)
- Enable ZDR using the steps above.
- On the Organisation Settings page, a BAA request form appears after ZDR is enabled.
- Submit the form to begin the BAA process with LandingAI.
Use ADE in the EU (GDPR data residency)
- Create an account at va.eu-west-1.landing.ai/home.
- Generate an EU-specific API key at va.eu-west-1.landing.ai/settings/api-key.
- Set the API base URL to api.va.eu-west-1.landing.ai, or set environment="eu" in the Python library.
- EU API keys do not authenticate against the US endpoint.
FAQ
Is LandingAI SOC 2 Type II certified? Yes. LandingAI holds SOC 2 Type II certification, independently audited against AICPA trust services criteria covering security, availability, and confidentiality. The report is available via the Trust Center at trust.landing.ai.
Does LandingAI support HIPAA-compliant document processing? Yes, under specific conditions. HIPAA-compliant processing requires both Zero Data Retention (ZDR) to be enabled and a signed Business Associate Agreement (BAA) to be in place with LandingAI. Both must be active before any Protected Health Information is processed through ADE.
What exactly does Zero Data Retention mean for LandingAI ADE? When ZDR is enabled, submitted documents are processed entirely in-memory. No document data is stored at rest on LandingAI systems or by any subprocessor, and LandingAI does not use ZDR-processed data for model training or service improvement.
Is LandingAI ADE GDPR compliant? Yes. LandingAI ADE offers a dedicated EU deployment hosted on AWS Ireland (eu-west-1) where all data is stored and processed within the EU. EU API keys and endpoints are separate from the US deployment and are not interchangeable.
Can LandingAI ADE be deployed inside my organisation's own cloud environment? Yes. ADE is available as a containerised application for deployment within a customer-managed Virtual Private Cloud on AWS, Azure, or GCP, where LandingAI has no access to customer data. ADE is also available as a Snowflake Native App, where all data remains within the customer's Snowflake account.
Where can I access LandingAI's SOC 2 report or subprocessor list? Both are available through LandingAI's Trust Center at trust.landing.ai. The Trust Center is powered by Vanta and provides security documentation, compliance reports, and real-time system status.