Regulatory & Standards Compliance
Full documentation available for enterprise procurement and legal review upon request.
GDPR
Aligned: EU General Data Protection Regulation. Full data processing agreements available.
HIPAA
Aligned: Healthcare data handling aligned with US HIPAA requirements for all health projects.
ISO 27001
Aligned: Information security management aligned with ISO 27001 principles. Formal audit in progress.
SOC 2 Type II
Aligned: SOC 2 Type II audit currently underway. Available Q4 2026.
PCI-DSS
Aligned: Payment data handled through PCI-DSS certified processors only. No raw card data stored.
AI Ethics
Aligned: Aligned with EU AI Act risk classification framework and responsible AI principles.
Need our Data Processing Agreement, security questionnaire, or pen test reports? Request documentation.
Six Layers of Security
Data Encryption
- AES-256 encryption at rest for all stored data
- TLS 1.3 in transit for all API and web traffic
- Encrypted backups with independent key management
- Database-level encryption for sensitive fields
Access Control
- Role-based access control (RBAC) on all systems
- Multi-factor authentication (MFA) mandatory for all staff
- Principle of least privilege enforced across all environments
- Quarterly access reviews and offboarding checklists
Infrastructure
- Hosted on AWS, Azure, and GCP — all ISO 27001 and SOC 2 certified
- Private VPCs with no public-facing databases
- On-premises and hybrid deployment available for regulated industries
- Automated vulnerability scanning and patch management
Monitoring & Response
- 24/7 security monitoring with anomaly detection
- Incident response plan with defined SLAs (P1: <1 hour)
- Penetration testing on all production systems annually
- Security logging with 12-month audit trail retention
Data Handling
- Client data never used to train models without explicit consent
- Data residency options — EU, US, or India regions available
- Formal data processing agreements (DPA) for all clients
- Secure deletion procedures with certificate of destruction
IP & Legal Protection
- NDA signed before any technical discussion
- IP ownership transferred to client on project completion
- Source code held in escrow for long-term contracts
- No use of open-source components with viral (GPL) licences without disclosure
AI You Can Trust and Explain
As AI makes higher-stakes decisions, fairness, transparency, and human oversight are non-negotiable.
Bias Testing
All ML models evaluated against protected attributes before deployment. Fairness metrics documented in model cards.
Explainability
High-stakes decision systems include SHAP/LIME explainability layers and human-in-the-loop review mechanisms.
Model Governance
Production models versioned, monitored for drift, and subject to scheduled re-evaluation cycles.
Data Minimisation
We collect and process only the minimum data required for the defined model objective.
Transparency
Clients receive model cards documenting training data, accuracy benchmarks, known limitations, and intended use.
Human Oversight
All critical-path AI decisions include a human review step. No fully autonomous high-stakes AI without approval.
Flexible Deployment Options
Choose the deployment model that fits your security and compliance requirements.
Cloud (SaaS)
Most Popular: Hosted on AWS, Azure, or GCP with our managed security stack. Fastest time-to-value with enterprise SLAs.
- 99.9% uptime SLA
- Automated backups
- Global CDN
- Managed security monitoring
Private Cloud
Regulated Industries: Deployed in your dedicated cloud account. Full isolation with DTP managing the infrastructure.
- Your VPC, your control
- Data residency guarantee
- Custom compliance policies
- Dedicated support engineer
On-Premises
Government / Defense: Deployed entirely within your data centre. Complete data sovereignty with no third-party cloud dependency.
- No data leaves your network
- Air-gapped environments supported
- Custom hardware sizing
- On-site deployment team
Have a Security or Compliance Question?
Our security team can provide documentation, answer procurement questionnaires, and schedule a technical security review.