Super.AI operates a platform to enable AI to be effectively used in the real world. Our customers trust us with their most sensitive data. Therefore, security is a core functional requirement to protect their information from accidental or deliberate theft, leakage, integrity compromise, and deletion.
Information security policies and standards are regularly reviewed and adapted by super.AI’s senior engineering leadership to continuously raise the bar. Changes are approved by the executive management team. All super.AI employees are required to read and keep up to date with the policies. In addition, mechanisms—such as training and monitoring—are implemented throughout the organisation to ensure policies are applied.
Our security procedures operate on four key levels:
- People security
- Privacy rights
- Data security
- Infrastructure and network security
Our data privacy and security information is also available as a whitepaper.
If you have any questions regarding our data privacy and security measures, reach out to [email protected]
We apply a variety of measures to ensure that everyone at super.AI who deals with your data is only doing so when absolutely necessary, is adequately trained, and is accessing it through a secure account.
Our user roles ensure that super.AI employees only have access to data and features that they need to carry out their job.
Every user’s account has a unique password. Each password must have high security (8-character length, at least 1 number, and 1 lowercase letter). Wherever possible, we employ two-factor authentication.
As part of our onboarding process, every super.AI employee, including our crowd, is trained on our security policies and standards. Our crowd also signs a non-disclosure agreement (NDA). We conduct regular training refresher sessions and provide updates on changes to security protocols.
To store our customers’ accounts, we use Amazon Cognito and follow their recommendations for secure passwords (8-character length, at least 1 number and 1 lowercase letter).
Super.AI's product teams adhere to the following core principles throughout our platform.
Super.AI is built with a microservices architecture. All network traffic between services is encrypted through enforced transport layer security (TSL) on all communication via the super.AI API (which uses Amazon API Gateway).
We apply a test-driven development approach. For every change, we apply a two-man rule. Our continuous deployment pipeline ensures that changes pass multiple gates before they are deployed to production.
Customer data is stored in dedicated, encrypted S3 buckets, created using the customer’s private API key. Customers can invalidate their API key at any time and revoke access to their data.
Customer data is deleted 90 days after contract termination, unless otherwise requested by the customer.
Super.AI is built over the Amazon Web Services (AWS) infrastructure to provide a secure, reliable, and scalable service.
AWS is compliant with global and geographically specific programs and policies, such as SOC, ISO 27001, PCI DSS, and GDPR.
As we use AWS infrastructure for all our production systems, you can learn more about the physical security this provides in this AWS security white paper.
All our services are continually monitored and thresholds are set to alert us to out-of-band performance. Dedicated employees monitor the system via an on-call rotation.
Our platform leverages best practices on both a network and application level to mitigate the risk of DDoS attacks.
Super.AI commits to ensure its services meet regulatory and security standards.
The super.AI platform runs on AWS infrastructure, which is highly scalable, reliable and secure.
AWS is compliant with global and geographical specific programs and policies, such as SOC, ISO 27001, PCI DSS, and GDPR: https://aws.amazon.com/compliance/programs/
Super.AI offers data subjects the option to get information about our data processing activities, including the data we have about them and the purpose for using it. Please contact [email protected]
Customers have the right to ask to delete all the personal data we have about them (unless we are required to keep them to comply with a legal obligation). Requests are typically honored within a month. Please contact [email protected]
Customers can request to restrict or stop processing of their data. Requests are typically honored within a month. Please contact [email protected]
Customers can request to get their personal data in a commonly readable format. Requests are processed typically within a month. Please contact [email protected]
Updated about 23 hours ago