Data Privacy & Security
Learn about the privacy and security measures we take to protect users of the super.AI platform.
Super.AI operates a platform to enable AI to be effectively used in the real world. Our customers trust us with their most sensitive data. Therefore, security is a core functional requirement to protect their information from accidental or deliberate theft, leakage, integrity compromise, and deletion.
Information security policies and standards are regularly reviewed and adapted by super.AI’s senior engineering leadership to continuously raise the bar. Changes are approved by the executive management team. All super.AI employees are required to read and keep up to date with the policies. In addition, mechanisms—such as training and monitoring—are implemented throughout the organisation to ensure policies are applied.
Our security procedures operate on four key levels:
- People security
- Privacy rights
- Data security
- Infrastructure and network security
Our data privacy and security information is also available as a whitepaper.
If you have any questions regarding our data privacy and security measures, reach out to [email protected].
People security
We apply a variety of measures to ensure that everyone at super.AI who deals with your data is only doing so when absolutely necessary, is adequately trained, and is accessing it through a secure account.
Role-based access
Our user roles ensure that super.AI employees only have access to data and features that they need to carry out their job.
Employee account security
Every user’s account has a unique password. Each password must have high security (8-character length, at least 1 number, and 1 lowercase letter). Wherever possible, we employ two-factor authentication.
Training
As part of our onboarding process, every super.AI employee, including our crowd, is trained on our security policies and standards. Our crowd also signs a non-disclosure agreement (NDA). We conduct regular training refresher sessions and provide updates on changes to security protocols.
Customer accounts
To store our customers’ accounts, we use Amazon Cognito and follow their recommendations for secure passwords (8-character length, at least 1 number and 1 lowercase letter).
Data security
Super.AI's product teams adhere to the following core principles throughout our platform.
Encryption in transit
Super.AI is built with a microservices architecture. All network traffic between services is encrypted through enforced transport layer security (TLS) on all communication via the super.AI API (which uses Amazon API Gateway).
Encryption at rest
All customer data is encrypted at rest using AWS’s built-in capabilities. The technologies we use include Amazon ECR, Amazon S3, and Amazon RDS.
Testing
We apply a test-driven development approach. For every change, we apply a two-man rule. Our continuous deployment pipeline ensures that changes pass multiple gates before they are deployed to production.
Data permissions
Customer data is stored in dedicated, encrypted S3 buckets, created using the customer’s private API key. Customers can invalidate their API key at any time and revoke access to their data.
Data deletion
Customer data is deleted 30 days after contract termination, unless otherwise requested by the customer.
Infrastructure and network security
Super.AI is built over the Amazon Web Services (AWS) infrastructure to provide a secure, reliable, and scalable service.
AWS is compliant with global and geographically specific programs and policies, such as SOC, ISO 27001, PCI DSS, and GDPR.
Data centers
The super.AI software stack is currently deployed in the AWS EU Central (Frankfurt) region. Our environments mitigate the risk of failure by leveraging multiple availability zones.
Physical security
As we use AWS infrastructure for all our production systems, you can learn more about the physical security this provides in this AWS security white paper.
Monitoring
All our services are continually monitored and thresholds are set to alert us to out-of-band performance. Dedicated employees monitor the system via an on-call rotation.
Distributed denial-of-service (DDoS) prevention
Our platform leverages best practices on both a network and application level to mitigate the risk of DDoS attacks.
Security compliance
Super.AI commits to ensure its services meet regulatory and security standards.
Infrastructure provider
The super.AI platform runs on AWS infrastructure, which is highly scalable, reliable and secure.
AWS is compliant with global and geographical specific programs and policies, such as SOC, ISO 27001, PCI DSS, and GDPR: https://aws.amazon.com/compliance/programs/
Privacy Rights
Right of Access
Super.AI offers data subjects the option to get information about our data processing activities, including the data we have about them and the purpose for using it. Please contact [email protected].
Right to Erasure
Customers have the right to ask to delete all the personal data we have about them (unless we are required to keep them to comply with a legal obligation). Requests are typically honored within a month. Please contact [email protected].
Stop Processing Data
Customers can request to restrict or stop processing of their data. Requests are typically honored within a month. Please contact [email protected].
Data Portability
Customers can request to get their personal data in a commonly readable format. Requests are processed typically within a month. Please contact [email protected].
Updated over 1 year ago