Definition AI: Security

• We don’t process any of your data
• We don’t send any personally identifiable information (PII) to AI vendors
• We can delete all of your account data if you ask us to
• Definition AI complies with GDPR, CCPA, and SOC 2 standards

• We encrypt all data using AES-256 encryption and TLS protocols whether it’s moving across the internet or stored on our servers
• Our platform uses AWS Key Management for encryption key generation, storage and lifecycle management
• We logically and physically segment all data within AWS – this means we keep client data separate in our private cloud

• Secure login using Google or Microsoft Single Sign-On for all users
• We secure all API endpoints against unauthorised access using OAuth2
• We strictly control access to the cloud environment with rigorous identity and access management policies

• Our platform operates within an AWS Virtual Private Cloud (VPC), making sure we have network-level isolation
• We use AWS Sentry and CloudWatch to monitor for security incidents

• We conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) in staging environments to detect runtime vulnerabilities related to authentication, session management, and API security
• We run code reviews for all development work, with a focus on OWASP Top Ten
• We run an OWASP dependency check to scan all third-party libraries for known vulnerabilities

• Two-hour threat SLA – initial identification and escalation take place within two business hours, with a solution implemented within one business day

We’re independently audited each year under the UK government-backed Cyber Essentials Plus certification scheme (accredited by the UK’s National Cyber Security Centre). Here’s our accreditation.