AI & Data Security

At Coassemble, we know that as a Headless partner you need both flexibility and trust — your clients rely on your platform integrations to deliver seamless experiences, and data security can’t be an afterthought. Below is an overview of our AI and data security.

AI innovation without compromising data control

We’ve integrated advanced generative AI capabilities into Coassemble to accelerate content creation, transformation, translation and refinement. But we’ve done so in a way that keeps your data secure and under your control.

• Our AI models are not built in-house — we use trusted third-party models (currently Google Gemini 2.5 Flash for document transformation, course generation, text refinement and translations). You can review Gemini’s terms of service and data policies here.

• Critically: customer data is not used to train the model. When you upload a document or use the AI tools, your content remains yours — we don’t feed it back to train the model. When you use features like “Transform a document”, your document is securely stored in object storage, and we keep the course context in our database so the AI can generate relevant content for you.

• Ownership of content: Anything generated via our AI tools is fully owned by you (and therefore by your end-customers via your integration). You retain full ownership of all content — whether generated by AI or created manually.

Data storage, encryption and trust standards

Your Headless integration’s value hinges on consistency, reliability and enterprise-grade trust. We apply the same rigorous security controls for our AI features as across the entire Coassemble platform:

• Data encryption in transit and at rest, strict access-control, and industry-best-practice security frameworks.

• Your data is stored in Oregon, USA (ensuring a known jurisdiction for clients who care about data-location).

• We are GDPR-compliant (while not holding formal certification yet) and hold SOC 2 Type 1 and SOC 2 Type 2 certifications — you (and your clients) can view our certifications via our Trust Centre.

You can review our security controls and certifications in our Trust Center.

As of the 17th November, we’ve updated the way our AI Course Creator processes data to improve reliability, performance, and data governance. We’ve transitioned away from using OpenRouter to connect to Google AI services and now integrate directly with Google’s latest models — Gemini Flash for faster, more context-aware text generation, and Imagen for high-quality AI image creation.

In addition, all document processing through our Convert API is now region-locked to the United States, ensuring your data remains within US-based servers during processing. This update also lays the groundwork for future regional options — we’re planning to introduce additional servers in the EU and Australia, allowing data to be processed within your local region for improved compliance and performance. These changes enhance the speed, consistency, and security of AI-generated content while maintaining strong data protection standards.

This shift enables us to:

• Ensure AI processing happens in a fixed, known region

• Reduce the number of subprocessors involved

• Improve data-handling transparency and compliance

• Prepare for region-specific infrastructure (EU, AU, etc.)

AI image generation

We’ve upgraded our AI image generation engine to Imagen, delivering noticeably higher-quality visuals across the course creation experience. Imagen produces sharper, more detailed images with greater prompt accuracy and consistency, resulting in more polished and professional course content that better reflects creator intent. We’re looking forward to this improvement.

What this all means for you as a Headless partner

Because you’re embedding or integrating our platform into a broader ecosystem, these assurances map directly to your commitments:

• Confidence to your clients — You can assure end-customers that using your integrated offering will not expose them to unexpected data-use risks.

• Ownership clarity — The content your clients produce via your Headless integration stays theirs. They only give you what they intend to, and you pass it into Coassemble with no hidden downstream usage.

• Regulatory alignment — For clients who operate under compliance obligations (e.g., GDPR, SOC 2), you can point to Coassemble’s certifications and data-location transparency as part of your value proposition.

• Scalable innovation — You benefit from Coassemble’s ongoing AI feature enhancements without needing to build and maintain the AI stack yourself — letting you focus on building your Headless front-end and differentiating features.