Security & Compliance
Security isn't an afterthought at Aatvi AI. It's built into the architecture, the processes, and how we work.
Data Protection
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We enforce strict encryption standards across every layer of the platform, from application data to backups.
Customer data is logically isolated at the database level. Each tenant's data is segmented to prevent cross-tenant access, even in shared infrastructure environments.
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption for all data in transit
- Automated key rotation and management
- Logical tenant isolation at the database layer
Infrastructure
Aatvi AI is deployed on Cloudflare's global edge network, benefiting from their DDoS mitigation, Web Application Firewall (WAF), and Bot Management capabilities. Our infrastructure spans multiple regions for redundancy and low-latency access worldwide.
We follow infrastructure-as-code practices. All deployments are reproducible, auditable, and subject to automated security scanning before reaching production.
- Cloudflare edge network with global PoP coverage
- Built-in DDoS protection and WAF
- Infrastructure-as-code with automated deployment pipelines
- Continuous vulnerability scanning and patching
Compliance
We align our security practices with recognized frameworks and regulations. If you're in a regulated industry, we're built to meet your requirements — not just check boxes.
SOC 2 Aligned
Our internal controls are designed around the SOC 2 Trust Services Criteria for security, availability, and confidentiality. We maintain documentation and evidence collection processes aligned with SOC 2 Type II requirements.
GDPR
We comply with the General Data Protection Regulation for all users in the European Economic Area. This includes lawful basis for processing, data subject rights, data processing agreements, and cross-border transfer safeguards.
DPDP Act (India)
We comply with India's Digital Personal Data Protection Act, including consent management, purpose limitation, data principal rights, and data fiduciary obligations. As an Indian-founded company, we treat DPDP compliance as central to our operations.
Access Control
We enforce the principle of least privilege across our organization. Access to production systems, customer data, and sensitive infrastructure is tightly controlled and regularly reviewed.
Multi-factor authentication is required for all team members. Access is granted on a need-to-know basis and revoked promptly when roles change.
- Role-based access control (RBAC) across all systems
- Multi-factor authentication enforced organization-wide
- Quarterly access reviews and privilege audits
- Audit logging for all access to customer data
Incident Response
We maintain a documented incident response plan that covers detection, containment, eradication, recovery, and post-incident review. Our team runs regular drills to ensure readiness.
In the event of a security incident affecting customer data, we commit to notifying affected parties within 72 hours, in compliance with GDPR and DPDP requirements.
- Documented incident response plan with defined escalation paths
- 72-hour notification commitment for data breaches
- Regular incident response drills and tabletop exercises
- Post-incident reviews with documented corrective actions
Security questions?
If you have questions about our security practices or need to report a vulnerability, please contact us at security@aatvi.ai.