Security Policy

Last Updated: January 1, 2025

At Adam Scholes LLC, security is fundamental to Deltio.ai's architecture. This document outlines our comprehensive security measures and practices to protect your data and ensure service integrity.

Infrastructure Security

Cloud Infrastructure

  • Hosted on enterprise-grade cloud infrastructure
  • Geographically distributed servers for redundancy
  • Automatic failover and disaster recovery
  • DDoS protection and rate limiting

Network Security

  • All connections encrypted with TLS 1.3
  • Web Application Firewall (WAF) protection
  • Regular security scanning and monitoring
  • Strict firewall rules and network segmentation

Data Protection

Encryption Standards

  • AES-256 encryption for data at rest
  • TLS encryption for data in transit
  • Encrypted database backups
  • Secure key management systems

Data Isolation

  • Row-level security in databases
  • Isolated data processing environments
  • No shared resources between users
  • Secure multi-tenancy architecture

Authentication & Access Control

  • Magic link authentication (no passwords to compromise)
  • Session management with automatic timeouts
  • Role-based access control (RBAC)
  • Regular access reviews and audits
  • Multi-factor authentication for admin accounts

Application Security

  • Regular security updates and patching
  • Input validation and sanitization
  • Protection against OWASP Top 10 vulnerabilities
  • Content Security Policy (CSP) headers
  • Secure coding practices and code reviews

AI Model Security

  • Isolated AI processing environments
  • No training on user data
  • Prompt injection protection
  • Output filtering and validation
  • Regular model security assessments

Monitoring & Incident Response

24/7 Monitoring

  • Real-time security event monitoring
  • Automated threat detection
  • Performance and availability monitoring
  • Security information and event management (SIEM)

Incident Response Plan

  • Defined incident response procedures
  • Rapid response team availability
  • User notification within 72 hours of confirmed breaches
  • Post-incident analysis and improvements

Compliance & Auditing

  • Regular third-party security audits
  • Compliance with industry standards
  • Comprehensive audit logging
  • Annual penetration testing
  • Vulnerability assessments

Employee Security

  • Background checks for all employees
  • Security training and awareness programs
  • Principle of least privilege access
  • Confidentiality agreements
  • Regular security policy reviews

Responsible Disclosure

We invite security researchers to responsibly disclose vulnerabilities. Please email security@deltio.ai with:

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Your contact information

We commit to acknowledging receipt within 48 hours and providing regular updates on remediation progress.

Contact Security Team

For security concerns or questions about our practices:

Adam Scholes LLC Security Team
Email: security@deltio.ai
PGP Key: Available upon request