Security & trust

Security, privacy, and trust

AiVRIC builds on a secure-by-default stack. This page summarizes controls and links to the Trust Center for artifacts and deeper validation.

Data handling matrix

Data type	Location	Controls
Configuration & findings	AiVRIC control plane (segmented per tenant)	Encrypted in transit (TLS 1.2+), encrypted at rest (AES-256), least-privilege service roles.
Customer data paths	Data stays in your cloud unless optional evidence capture is enabled.	Default agentless access; scope-limited roles; evidence redaction.
Secrets & tokens	Hashicorp Vault-backed storage with envelope encryption.	Rotation enforcement; no plaintext retrieval after creation.
Logs & audit	Immutable event store with retention policies per workspace.	Write-once semantics; exportable to your SIEM.

API access: Token-based with IP allowlists and expiration.
Network posture: TLS everywhere; option to restrict by VPC endpoints where available.
Change approval: Dual-control on guardrail changes for production workspaces.

Continuous controls monitoring with independent audits. Reports available under NDA in the Trust Center.

ISMS in place with regular risk assessments and corrective actions.

Governance model aligns to NIST AI RMF and emerging EU AI Act guidance.

Need signed artifacts? Visit the AiVRIC Trust Center for latest attestations and testing summaries.

Backups: Encrypted daily snapshots; tested restores.
Availability: Multi-AZ deployment with automated failover.
DR: Recovery time and point objectives established and tested at least annually.

Monitoring: 24/7 alerting on uptime, latency, and error budgets.
Incident response: Severity-based runbooks; customer notifications within contractual SLAs.
Responsible disclosure: Email [email protected] for reports; PGP available on request.