Security

Our commitment to protecting your data, and our responsible disclosure policy.

Security Posture

Data Encryption

All data is encrypted in transit using TLS 1.2+. Client portal data and uploaded files are encrypted at rest using AES-256.

Access Control

Access to client data is controlled through authentication and role-based permissions. Users can only access their own projects. Administrative access is logged.

Audit Logging

Security-relevant events are logged, including authentication attempts, file uploads and downloads, and administrative actions. Logs do not contain sensitive file content.

Incident Response

We maintain procedures for security incident detection, response, and notification. Affected clients will be notified promptly in accordance with applicable regulations.

Infrastructure

The client portal is built on Firebase, which is operated by Google and provides enterprise-grade security infrastructure. This includes:

  • SOC 2 Type II certified infrastructure
  • ISO 27001 certified data centres
  • Automatic security updates and patching
  • DDoS protection and rate limiting
  • Geographic data residency options

Responsible Disclosure

Report a Security Vulnerability

We appreciate the security research community's efforts in helping keep our services secure. If you believe you have discovered a security vulnerability, please report it to us responsibly.

What to Include

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code (if applicable)

Our Commitment

  • Acknowledge receipt within 2 working days
  • Provide an initial assessment within 5 working days
  • Keep you informed of remediation progress
  • Credit researchers (if desired) after fixes are deployed

Guidelines

  • Do not access or modify other users' data
  • Do not perform denial-of-service attacks
  • Do not publicly disclose the vulnerability until we've had reasonable time to address it
  • Act in good faith and avoid privacy violations

Questions

For general security questions or to request additional information about our security practices, please contact us at info@aiconsultantinsights.com.