Security Policy
Last Updated: October 20, 2025 | Version 2.1
Enterprise-grade security for AI governance platform deployment.
Architecture Overview
Managed Deployment
Full-service deployment with our infrastructure
- Control Plane (Our Cloud): Auth, config, metrics
- Data Plane (Our Cloud): AI generation, retrieval
- Customer Integration: Widget embed via CDN
VPC Deployment
Customer-controlled infrastructure with our platform
- Control Plane (Our Cloud): Auth, config, metrics only
- Data Plane (Customer VPC): All data processing
- Customer Integration: Private endpoints
Data Encryption
At Rest
- Algorithm: AES-256-GCM
- Key Management: AWS KMS (managed) or Customer KMS (VPC)
- Database: Encrypted volumes
- Backups: Encrypted before storage
In Transit
- TLS 1.3 for all communications
- Certificate Management: Automated rotation
Access Control
Authentication
- Multi-Factor Authentication (MFA) required
- Role-Based Access Control (RBAC)
- API Keys: Rotated every 90 days
- Session Management: JWT with short expiry
Monitoring & Auditing
- Real-time monitoring of all activities
- Audit logs: Immutable and tamper-proof
- SIEM Integration: Export to customer systems
- Anomaly Detection: ML-based threat detection
Compliance & Certifications
GDPR Compliant
CCPA Compliant
SOC 2 Type II (In Progress)
ISO 27001 (Planned)
HIPAA Ready
KVKK Compliant
Incident Response
- Response Time: < 1 hour
- Customer Notification: Within 24 hours
- Remediation: Immediate containment
- Post-Incident: Detailed report within 72 hours
Security Contact
Security Email
security@medvixai.ai
Emergency Contact
Emergency: +1 (555) 123-4567
Responsible Disclosure
Responsible Disclosure Program Available
