Security at Vigilense AI

Your Security is Our Priority

At Vigilense AI, security is built into everything we do. You are trusting us with access to your security infrastructure, and we take that responsibility seriously.

Deployment Options

Vigilense AI is delivered as a fully managed SaaS platform with enterprise-grade security and compliance:

SaaS Cloud

Fully managed by us with tenant-separated infrastructure. Ideal for teams who want rapid deployment and minimal operational overhead.

Tenant Separation (SaaS)

For SaaS deployments, we implement strict multi-tenant isolation:

  • Logical Isolation: Each customer's data is logically separated using unique tenant identifiers and access controls.
  • Encryption Separation: Each tenant has dedicated encryption keys managed via AWS KMS / Azure Key Vault.
  • Network Isolation: Network-level controls and security groups prevent cross-tenant access.
  • Compute Isolation: Processing is isolated at the container/instance level per tenant.
  • Database Isolation: Tenant data is separated at the schema or database level depending on configuration.
  • Audit Logging: All access is logged with tenant context for audit and compliance.

BYODb: Your Data Stays With You

Our Bring Your Own Database (BYODb) architecture is designed with security-first principles:

  • No Data Storage: We never store your security logs, event data, or sensitive information on our servers (when using BYODb).
  • Real-Time Queries: We query your databases in real-time and process data in memory.
  • Your Infrastructure: Your data remains in your controlled environment at all times.
  • Zero Data Export: We don't copy, export, or retain your security data.
  • Credential Security: Database credentials are encrypted at rest using HSM-backed keys and never logged.

Compliance & Certifications

We are actively building toward the industry's most rigorous compliance standards. Our platform is architected from day one to meet these frameworks.

SOC 2 Type II (In Progress)

Platform and processes architected for annual audits covering security, availability, and confidentiality controls.

GDPR (In Progress)

Built to meet the General Data Protection Regulation requirements for EU data subjects.

CCPA (In Progress)

Designed to satisfy California Consumer Privacy Act requirements from the ground up.

ISO 27001 (Aligned, Certification In Progress)

Information security management system aligned with ISO 27001 international standards.

Infrastructure Security

Encryption

  • In Transit: All communications are encrypted using TLS 1.3.
  • At Rest: All data is encrypted using AES-256 with tenant-specific keys.
  • Key Management: Encryption keys are managed using hardware security modules (HSM) via cloud KMS services.
  • Database Credentials: Encrypted at rest and in transit, with support for secrets managers.

Network Security

  • Zero-trust network architecture
  • Network segmentation and micro-segmentation
  • Intrusion detection and prevention systems
  • DDoS protection and mitigation
  • Web application firewall (WAF)
  • Private endpoints available for database and AI service connections

Access Controls

  • Multi-factor authentication (MFA) required for all access
  • Role-based access control (RBAC) with granular permissions
  • Principle of least privilege
  • SSO integration (SAML, OIDC) for enterprise identity management
  • Regular access reviews and audits
  • Automated deprovisioning

Application Security

  • Secure Development: We follow secure coding practices and OWASP guidelines.
  • Code Reviews: All code changes undergo security review before deployment.
  • Dependency Scanning: Automated scanning for vulnerable dependencies.
  • Penetration Testing: Third-party penetration testing scheduled.
  • Responsible Disclosure: We maintain a responsible disclosure program.

Operational Security

  • 24/7 Monitoring: Continuous security monitoring of our SaaS infrastructure.
  • Incident Response: Documented incident response procedures with defined SLAs.
  • Business Continuity: Disaster recovery and business continuity plans.
  • Employee Security: Background checks, security training, and awareness programs.
  • Separation of Duties: No single employee has access to all systems.

Vendor Security

We carefully vet all third-party vendors and require:

  • SOC 2 or equivalent compliance
  • Security questionnaire completion
  • Contractual security requirements
  • Regular security assessments
  • Data processing agreements where applicable

Security Reporting

If you discover a security vulnerability, please report it responsibly:

  • Email: security@vigilense.ai
  • PGP Key: Available upon request
  • Response Time: We acknowledge reports within 24 hours
  • Responsible Disclosure: Responsible disclosure program

Security Documentation

Enterprise customers can request:

  • SOC 2 Type II audit report (available upon completion of certification)
  • Penetration test executive summary
  • Security questionnaire responses (SIG, CAIQ, custom)
  • Data processing agreements (DPA)
  • Architecture and data flow diagrams
  • Tenant isolation technical documentation

Questions?

For security-related inquiries, contact our security team:

Vigilense AI - Security Team
Email: security@vigilense.ai