// Trust & Security Report
Guru Technologies, Inc.
AI-powered knowledge management and governance platform that structures, governs, and delivers company knowledge to employees and AI workflows. Single unified product with integrated permission-aware AI, audit trails, and compliance controls.
Certifications held
7
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on getguru.com“Guru uses an independent third party to conduct a SOC 2, Type II audit on its knowledge management system. This audit covers the SOC 2 Common Criteria and the Confidentiality and Privacy trust services criteria.”
Verify on getguru.com“Guru ensures GDPR compliance for EU customers through data handling processes, subprocessor agreements, and EU standard contractual clauses.”
Verify on getguru.com“Guru does not process PCI data, but uses a third party for payment purposes. Accordingly, Guru conducts an annual Self Assessment Questionnaire (A-EP) and scans its public-facing connections monthly for security vulnerabilities.”
Verify on getguru.com“CASA certification confirms that Guru meets Google's security standards for authentication, encryption, infrastructure protection, and incident response.”
Verify on getguru.com“Guru has achieved Microsoft 365 Certification through Microsoft's App Compliance Program, confirming that our app meets Microsoft's rigorous standards for security, privacy, and compliance controls derived from leading industry frameworks.”
Verify on getguru.com“Guru complies with the EU-U.S., EU (UK Extension)-U.S., and Swiss-U.S. Data Privacy Framework (DPF) Program.”
> Show 2 unconfirmed / not-held certifications
source: getguru.comNo public evidence found in security documentation or trust center.
source: getguru.comNo public evidence of HIPAA certification. Homepage marketing displays a 'HIPAA-ready' badge, and Guru indicates willingness to provide a boilerplate BAA, but neither constitutes HIPAA certification. 'HIPAA-ready' is a readiness claim, not a compliance certification.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Not specified publicly. EU/UK data transferred to the United States under EU standard contractual clauses and the EU-U.S. Data Privacy Framework. Specific regional data residency options not detailed in public documentation.
Guru states: 'Guru does not use your content to train the LLM in any way; your content remains exclusively yours in a protected enclave' and 'Your data is never used to train, nor retained by, third-party LLMs.' Governance and permission controls operate at the retrieval and knowledge delivery layer, not at model training.
// Security controls
Data Loss Prevention (DLP)
DLP masking and content controls available for select plans
help.getguru.comVulnerability Management
Regular vulnerability testing of production environments; monthly scans for PCI compliance
getguru.com// Products & data scope
data: Handles enterprise knowledge, internal documents, policies, customer data depending on customer use case. Explicitly does not train on customer data.
Single unified platform offering AI-powered search, knowledge verification, permission-aware delivery, audit trails, and integration with enterprise tools (Slack, Microsoft 365, Google Workspace, Zendesk, Salesforce).
// What to watch
- MISLEADING HIPAA CLAIM: Homepage marketing claims 'HIPAA-ready' alongside security certifications, but Guru is NOT HIPAA-certified. 'HIPAA-ready' means prepared to sign a BAA, not holding HIPAA compliance certification. This creates an over-claim risk for healthcare customers expecting HIPAA compliance.
- ISO 27001 ABSENT: No evidence found of ISO 27001 certification despite having SOC 2 Type II and other security certifications. ISO 27001 is a common expectation for enterprise vendors.
- DATA RESIDENCY UNCLEAR: Public documentation does not specify geographic data storage options. EU/UK data is transferred to US with appropriate legal frameworks, but details on data residency choices unavailable.
- HIPAA BAA NOT PUBLICLY AVAILABLE: While Guru indicates willingness to execute a Business Associate Agreement, the actual BAA document is not publicly accessible. Healthcare organizations should verify BAA terms before adoption.
// At a glance
Pricing model
Subscription-based (SaaS); specific tiers not detailed in public documentation
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Guru Technologies, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
getguru.com