// Trust & Security Report

    Guru Technologies, Inc. logo

    Guru Technologies, Inc.

    AI-powered knowledge management and governance platform that structures, governs, and delivers company knowledge to employees and AI workflows. Single unified product with integrated permission-aware AI, audit trails, and compliance controls.

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Guru uses an independent third party to conduct a SOC 2, Type II audit on its knowledge management system. This audit covers the SOC 2 Common Criteria and the Confidentiality and Privacy trust services criteria.

    Verify on getguru.com
    GDPR
    HELD

    Guru ensures GDPR compliance for EU customers through data handling processes, subprocessor agreements, and EU standard contractual clauses.

    Verify on getguru.com
    PCI DSS
    HELD

    Guru does not process PCI data, but uses a third party for payment purposes. Accordingly, Guru conducts an annual Self Assessment Questionnaire (A-EP) and scans its public-facing connections monthly for security vulnerabilities.

    Verify on getguru.com
    Google Cloud App Security (CASA)
    HELD

    CASA certification confirms that Guru meets Google's security standards for authentication, encryption, infrastructure protection, and incident response.

    Verify on getguru.com
    Microsoft 365 Certification
    HELD

    Guru has achieved Microsoft 365 Certification through Microsoft's App Compliance Program, confirming that our app meets Microsoft's rigorous standards for security, privacy, and compliance controls derived from leading industry frameworks.

    Verify on getguru.com
    EU-U.S. Data Privacy Framework
    HELD

    Guru complies with the EU-U.S., EU (UK Extension)-U.S., and Swiss-U.S. Data Privacy Framework (DPF) Program.

    Verify on getguru.com
    CPRA Compliance
    HELD

    Guru acts as a service provider under CPRA as applicable.

    Verify on getguru.com
    > Show 2 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence found in security documentation or trust center.

    source: getguru.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification. Homepage marketing displays a 'HIPAA-ready' badge, and Guru indicates willingness to provide a boilerplate BAA, but neither constitutes HIPAA certification. 'HIPAA-ready' is a readiness claim, not a compliance certification.

    source: getguru.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Not specified publicly. EU/UK data transferred to the United States under EU standard contractual clauses and the EU-U.S. Data Privacy Framework. Specific regional data residency options not detailed in public documentation.

    Guru states: 'Guru does not use your content to train the LLM in any way; your content remains exclusively yours in a protected enclave' and 'Your data is never used to train, nor retained by, third-party LLMs.' Governance and permission controls operate at the retrieval and knowledge delivery layer, not at model training.

    // Security controls

    Encryption in Transit

    All data encrypted in transit

    getguru.com

    Encryption at Rest

    All data encrypted at rest

    getguru.com

    Role-Based Access Control

    Permission-aware access controls with role scoping

    getguru.com

    SAML-Based SSO

    Enterprise Single Sign-On with SAML support

    getguru.com

    SCIM Provisioning

    SCIM-based user provisioning and management

    getguru.com

    Audit Trails

    Full audit trails for all knowledge access and modifications

    getguru.com

    Data Loss Prevention (DLP)

    DLP masking and content controls available for select plans

    help.getguru.com

    Vulnerability Management

    Regular vulnerability testing of production environments; monthly scans for PCI compliance

    getguru.com

    // Products & data scope

    Guru Knowledge PlatformKnowledge Management & AI Governance

    data: Handles enterprise knowledge, internal documents, policies, customer data depending on customer use case. Explicitly does not train on customer data.

    Single unified platform offering AI-powered search, knowledge verification, permission-aware delivery, audit trails, and integration with enterprise tools (Slack, Microsoft 365, Google Workspace, Zendesk, Salesforce).

    // What to watch

    • MISLEADING HIPAA CLAIM: Homepage marketing claims 'HIPAA-ready' alongside security certifications, but Guru is NOT HIPAA-certified. 'HIPAA-ready' means prepared to sign a BAA, not holding HIPAA compliance certification. This creates an over-claim risk for healthcare customers expecting HIPAA compliance.
    • ISO 27001 ABSENT: No evidence found of ISO 27001 certification despite having SOC 2 Type II and other security certifications. ISO 27001 is a common expectation for enterprise vendors.
    • DATA RESIDENCY UNCLEAR: Public documentation does not specify geographic data storage options. EU/UK data is transferred to US with appropriate legal frameworks, but details on data residency choices unavailable.
    • HIPAA BAA NOT PUBLICLY AVAILABLE: While Guru indicates willingness to execute a Business Associate Agreement, the actual BAA document is not publicly accessible. Healthcare organizations should verify BAA terms before adoption.

    // At a glance

    Pricing model

    Subscription-based (SaaS); specific tiers not detailed in public documentation

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Guru Technologies, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    getguru.com

    > Browse all vendor trust reports