Where is my data stored and what security/compliance measures does Napster Spaces use to protect it?
- Data residency: Default is Azure USA. EU and APAC regions are available on request for Enterprise customers. Contact partners@napster.com to discuss data residency options.
- SOC 2 Type II: Napster maintains SOC-2 Type 2 compliance through independent annual audits.
- Encryption: TLS 1.2+ for data in transit. Industry-standard encryption at rest.
- GDPR and CCPA: Napster Spaces complies with GDPR, CCPA, and relevant data protection regulations.
- Data ownership: All data is customer-owned. Napster does not share data with third parties or use it to train models.
- Deletion requests: Submit via Support → Privacy.
Is Napster certified by any third-party security bodies?
Yes. Napster is SOC-2 Type 2 compliant, audited by Microsoft, and certified for Manufacturing and Retail AI. Private Azure endpoints are available for enhanced security in enterprise deployments.
How is PII handled?
Limited PII is processed for authentication (typically email for SSO). Any additional PII intentionally shared during a conversation is discarded at session end unless retention is contractually required. Full conversation transcripts are encrypted, anonymized, and stored for client analytics.
For more detail on data privacy, security, and compliance questions, see the Frequently Asked Questions article.