Abacus.AI Security Policy
We have implemented comprehensive information security controls across every aspect of our product life cycles. These security controls were developed and implemented with the singular goal of safeguarding our customers’ data using best-in-class industry frameworks and practices.
For complete documentation on our Secure Deployment Options and our Information Security and Compliance Paper, please refer to the links below:
The highlights of our security program are given below:
Administrative & Organizational controls
Data Governance & Handling Policies
Comprehensive data classification and access policies are in place to ensure that customer data is accessed only on a need-to-know basis, governed by the principle of least-privileged access. Abacus.AI’s customers continue to own the data they use on the product to build models and only provide temporary read-only access to the data. Abacus.AI will only process the data to fulfill our contractual obligations and not for any other purpose, such as scanning for advertisements or selling to third parties.
All employees undergo comprehensive background screening and security training before working on our products. Additionally, there is annual re-certification of all security training.
Infrastructure & Operational controls
Access Control & Two-Factor Authentication
Comprehensive role-based access controls have been implemented across the entire network stack, from internal IT systems to production infrastructure, governed by the principle of least privilege. Two-factor authentication has been deployed across all the infrastructure.
End-to-end encryption of data in transit and at rest has been implemented. Strong encryption is used to isolate customers' data and compute environments.
A multi-tiered network topology has been implemented to reduce the surface area of exposure. Network Access Control Lists and firewalls limit network traffic between the network layers.
Operational Monitoring & Alerting
Comprehensive operational monitoring and alerting have been implemented for early detection and remediation of anomalies.
Standards & Regulatory Compliance
Our systems are fully compliant with all applicable local laws such as GDPR in the European Union and CCPA in California, USA.
Our systems are compliant with the highest standards per CSI and PCI DSS.
For further inquiries regarding our security policy, please contact us at firstname.lastname@example.org or at our mailing address:
1099 Folsom Street
San Francisco, CA 94103