Trust. Security

    Security.

    We take security and data protection seriously. Our platform is designed to ensure that your data remains confidential, secure, and handled according to industry best practices.

    Version
    1.2.2
    Effective
    2 April 2026
    Last reviewed
    8 May 2026

    In Short

    • Your data is encrypted in transit and at rest, processed only within the European Union, and never sent to external AI providers.
    • We run proprietary AI models on our own infrastructure, follow strict data minimization, and never use customer data for training or profiling.
    • Hardened systems, role based access, multi factor authentication, continuous monitoring, and tested disaster recovery procedures protect availability and integrity.
    • Practices align with ISO/IEC 27001 principles and GDPR by design.
    • More detailed information is provided below.

    Encryption

    All data in transit is protected using TLS 1.2 and 1.3, ensuring secure communication between clients and our systems.

    Data at rest is encrypted using AES 256 or equivalent strong encryption standards to prevent unauthorized access.

    AI and Data Processing

    We use proprietary AI models that are fully controlled and operated within our own infrastructure.

    • No customer data is sent to third party AI providers.
    • We do not use external services such as OpenAI, Anthropic (Claude), or similar APIs.
    • All AI processing happens within our controlled, secure environment in the European Union.
    • Customer data is never used to train shared or external models.

    This ensures full control over data handling, eliminates third party exposure, and maintains strict confidentiality.

    Transient Data Processing

    We follow a strict data minimization approach:

    • Files are processed only as required to deliver the requested functionality.
    • Processing is temporary and limited in duration.
    • Data is not retained longer than necessary.
    • Temporary processing environments are isolated and securely disposed of after use.

    We do not use customer data for training, profiling, or any secondary purposes.

    Data Ownership

    Customers retain full ownership of their data at all times.

    • We do not sell, share, or monetize customer data.
    • Data is processed solely for the purpose of providing the service.
    • Access to customer data is strictly limited and controlled.

    EU Infrastructure and Data Residency

    Our infrastructure is designed to ensure strong data protection and regulatory compliance:

    • Data is stored and processed exclusively within the European Union.
    • We prioritize EU based infrastructure and service providers.
    • All processing is aligned with GDPR requirements.

    For details on how we process personal data, see our Privacy Policy.

    Security Hardening

    Our systems are configured and maintained according to strict security best practices:

    • Hardened server environments and minimal attack surface.
    • Continuous patching and security updates.
    • Principle of least privilege applied across all systems.
    • Network segmentation and isolation of sensitive components.

    Access Control

    Access to systems and data is tightly controlled:

    • Role based access control (RBAC).
    • Multi factor authentication (MFA) for internal systems.
    • Strong authentication and authorization mechanisms.

    DDoS Protection and Availability

    We implement multiple layers of protection to ensure system availability:

    • Network level DDoS mitigation.
    • Traffic filtering and rate limiting.
    • Redundant infrastructure to reduce single points of failure.

    Backups and Disaster Recovery

    We maintain measures to ensure data durability and service continuity:

    • Regular encrypted backups.
    • Tested recovery procedures.
    • Designed to ensure data integrity and availability in case of incidents.

    Resilience and Failure Testing

    We actively test the resilience of our systems under real world failure conditions:

    • Controlled fault injection (Chaos Engineering practices, including Chaos Monkey style tests).
    • Simulated infrastructure failures (instance, network, and dependency outages).
    • Disaster recovery simulations to validate recovery procedures.
    • Regular failover testing to ensure system continuity.

    These practices help ensure that our systems remain stable, recover quickly, and continue operating under adverse conditions.

    Monitoring and Incident Response

    We continuously monitor our systems for security events:

    • Centralized logging and real time alerting.
    • Automated detection of suspicious activity.
    • Defined incident response procedures with internal escalation.
    • Timely customer notification in the event of a relevant security incident.

    Security Testing and Standards

    We continuously improve our security posture:

    • Security practices aligned with ISO/IEC 27001 principles.
    • Regular vulnerability assessments and penetration testing.
    • Ongoing internal reviews of security controls and policies.

    Compliance and Best Practices

    We are committed to maintaining high standards of security and privacy:

    • GDPR compliance by design and default.
    • Data minimization and purpose limitation principles.
    • Continuous improvement to meet evolving regulatory and security requirements.

    See also our Privacy Policy, Terms, and Cookie Policy.

    Contact

    For information on how we process personal data and your rights under GDPR, please refer to our Privacy Policy.

    If you have any questions about our security practices, please contact us at ten.reirracdetsurt@ytiruces.