Compliance, Security & Trust
Enterprise trust is foundational. AI PQ Audit is designed to align with established security and compliance expectations from day one.
Security & Data Handling
- Encryption in transit and at rest
- Strict access controls and audit logging
- Minimal data retention aligned to assessment purpose
Compliance Alignment
Platform outputs are structured to support evidence and reporting needs across major frameworks, including:
- NIST Cybersecurity Framework
- NIST 800-53
- SOC 2 (logical control mapping)
- FedRAMP-aligned environments (where applicable)
Transparency & Governance
We believe security leaders should understand how conclusions are formed. AI-assisted insights are explainable, reviewable, and traceable to source data.
Detailed security documentation, data flow explanations, and pilot governance materials are available upon request.
AI Defense Cloud
Security
- Zero integration required
- TLS encryption in transit
- Enterprise access controls
- File deletion on request
Privacy
- Customer controls all uploads
- No data resale or secondary use
- Limited retention with configurable options
- Transparent data handling practices
Responsible AI
- Documented AI limitations
- Bias & impact evaluation support
- Governance checklists provided
- Transparent model cards
Uptime & Reliability
Real-time service health and uptime telemetry.
API health endpoint: /trust/healthz
Uptime (last 30 days): —
Compliance & Privacy Artifacts
- Controls designed to meet SOC 2 TSC; artifacts shared under NDA on request.
- Documented mappings to NIST SP 800-53 Rev. 5 (Moderate).
- Privacy Policy
- Product Security Overview
Data Protection & Residency
Cryptography:
NIST-recommended cryptography (TLS 1.2+/AES-256).
Data Residency:
US-based by default; EU options available for enterprise.
Retention:
Configurable retention; exports (CSV/PDF/JSON) removable on schedule or request.
Vulnerability Disclosure
We support coordinated disclosure and appreciate researcher engagement. Please include steps to reproduce and any artifacts you can share.
Report a Security IssueAlso available: security.txt
AI Transparency
AI engines are used for vulnerability correlation & summarization; no customer data is shared with third parties without agreement.
Contact Security
Need documents under NDA or have a question about our security posture?
Contact Security & ComplianceDocumentation & Policies
How the unified risk score is computed
What we extract and how it's used
Frameworks and maturity model
Sources and forecasting approach
Uploads, retention, and deletion