1. Data Encryption
We encrypt data at all layers:
- In transit: TLS 1.2+ with modern ciphers
- At rest: AES-256 or provider-equivalent encryption
- Backups: encrypted in storage and in transit
2. Authentication & Access Control
We use:
- SSO-only login (no password-based accounts)
- Role-based access control (RBAC)
- Strict least-privilege internal permissions
- Zero-trust network segmentation
3. AI Data Processing & Isolation
Your AI inputs and outputs:
- are not used to train general AI models
- are not visible to other customers
- are processed only for generation or workflow execution
4. Operational Security
{{COMPANY_BRAND_NAME}} implements:
- Logging of all admin actions
- Continuous monitoring of infrastructure
- Automated threat detection
- Regular dependency and vulnerability scanning
- Security patching policy based on severity
5. Data Residency
Data may be stored or processed in regions used by approved cloud and AI providers.
All providers must meet or exceed {{COMPANY_BRAND_NAME}}’s security standards.
6. Backups & Business Continuity
- Automated encrypted backups
- Disaster recovery plan with restore testing
- Service resilience via cloud redundancy
7. Customer Data Controls
- You can export your data
- You can delete your account and data
- We purge data on request or when accounts close
8. Incident Response
We maintain:
- Formal incident response plan
- Immediate containment actions
- Customer notification obligations
- Post-incident review procedures
9. Third-Party Providers
We work only with vendors that maintain strong security controls.
Providers undergo security review before onboarding.
10. Responsible Disclosure
We welcome security researchers who test in good faith.
Reports can be sent to: {{COMPANY_LEGAL_EMAIL}}.
11. Contact
{{COMPANY_LEGAL_NAME}}
Security Office
{{COMPANY_CITY}}, Québec, Canada
Email: {{COMPANY_LEGAL_EMAIL}}