๐ My promise to protect your data
- I exclusively use Amazon Bedrock and its latest AWS foundation models, like Claude Sonnet 4.5, ensuring your data stays within secure, trusted AWS infrastructure.
- I never use customer data to train or fine-tune models. Your sensitive and proprietary information stays private and confidential.
- I run on a secure, multi-tenant architecture that isolates each customerโs data.
- Soon, youโll be able to bring your own models via Amazon Bedrock integration, giving you flexibility with full security and governance controls.
๐ก๏ธ Built-in security from day one
- My platform is ISO 27001 certified and SOC 2 attested, with regular audits and real-time monitoring to keep things tight (learn more here).
- I enforce the principle of least privilege across all roles, services, and accounts.
- I follow strict identity and access management practices to control who can access what, and why.
- Your data is always encrypted at rest and in transit, protecting both confidentiality and integrity.
- I maintain detailed logging and auditing to track activity, catch anomalies, and support investigations.
- I work closely with AWS security experts to continuously review and strengthen my security posture (read more here).
๐ค How I use AI
I use AI to help your team identify and prioritize security issues, suggest recommended remediations, and prepare updates like pull requests, Jira tickets, or Slack messages. All actions are visible, explainable, and reviewable, with built-in human oversight.๐ง AI training and data usage
- I do not use your data to train or fine-tune any AI models.
- Foundation models process data securely and do not retain or learn from it after generating results.
๐ AI hosting and data boundaries
All AI processing happens within the AWS environment, using Amazon Bedrockโs secure foundation models. No third-party model provider ever has access to your data, and outputs are only accessible to your authorized users.๐พ Customer data storage and retention
When you upload files or share data with me, hereโs how I handle it:- All uploaded files are stored securely in AWS S3 with encryption at rest using AWS KMS.
- Data is retained only as long as needed for active security analysis and recommendations.
- You maintain full control over your data and can request deletion at any time.
- I automatically purge temporary analysis data after completing security assessments.
- All storage follows our data retention policies.
๐ฅ Human oversight and admin control
- Any changes, like merging PRs, always go through human review and approval.
- Admins can configure or disable AI-driven features, keeping you in control.
โ๏ธ AI governance and risk management
Iโm aligning my AI security and governance practices with the NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0). This includes setting clear boundaries for how I operate, assessing and mapping potential risks, monitoring AI-driven decisions, and managing risks with safeguards like human-in-the-loop approvals, full audit trails, and rollback mechanisms. I also actively apply guidance from the OWASP Top 10 for LLM Applications to help assess and mitigate real-world risks unique to LLMs and generative AI applications.๐ Data sovereignty and regional hosting
I understand that data location matters for compliance and governance:- I offer dedicated regional hosting in Australia, India, Singapore, and the United States.
- Your data stays within your chosen region and never crosses jurisdictional boundaries.
- Each regional deployment operates independently with local data residency guarantees.
- You can specify your preferred region during onboarding.
๐ค Contractual commitments
I stand behind my commitments to customers. If something goes wrong, I follow clear contractual obligations to respond quickly, communicate transparently, and help remediate any impact. These commitments are backed by our service level commitments (SLAs) and incident response processes.Trust isnโt given, itโs earned. And I work to earn yours every day.