A transparent overview of the principles and practices we employ to keep your information secure, private, and available.
Modern, secure, and scalable cloud foundations.
No user or service is trusted by default. Every request, including service-to-service calls inside our network, is authenticated and authorized on its own rather than by network location. Internal traffic is protected with mutual TLS (mTLS).
TLS 1.3 for data in transit, AES-256 for data at rest across databases, object storage, and caches.
Strict tenant isolation at the application layer. Optional dedicated VPC deployments for enterprises.
Hosted on AWS with state-of-the-art physical security, redundancy, and monitoring.
Security built into the SDLC and product controls.
Security training, code reviews, SAST/DAST, and dependency scanning are part of our engineering process.
Role-based access control (RBAC) lets administrators grant least-privilege access with precise, role-scoped permissions.
Strong passwords and MFA for all users. Enterprise SSO via SAML 2.0/OIDC with providers like Okta and Azure AD.
Retrieval for RAG is pre-filtered by the requesting user's permissions: documents the user is not authorized to read are excluded before ranking, so they never reach the model's context and cannot leak into answers for other users. PII/PHI identification and redaction features are built in.
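To make the pre-filtering point concrete, here is an added illustration (not ProjectPath's code) of the difference between filtering by ACL before ranking and filtering after. The corpus, group names, and the bag-of-words "embedding" are constructed stand-ins for a real document store and embedding model; the point is the order of operations, not the similarity function.

```python
"""Permission pre-filtered retrieval for RAG, contrasted with post-filtering.

Added example; the Document class, CORPUS, and group names are constructed
for illustration and do not describe any real deployment.
"""
from dataclasses import dataclass
import math
import re


@dataclass(frozen=True)
class Document:
    doc_id: str
    text: str
    allowed_groups: frozenset  # ACL: groups permitted to read this document


def tokenize(text: str) -> list:
    return re.findall(r"[a-z0-9]+", text.lower())


def embed(text: str) -> dict:
    """Toy bag-of-words vector standing in for a real embedding model."""
    vec = {}
    for tok in tokenize(text):
        vec[tok] = vec.get(tok, 0) + 1
    return vec


def cosine(a: dict, b: dict) -> float:
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


# Constructed corpus: two HR-only documents rank highest for the query below.
CORPUS = [
    Document("hr-1", "Compensation bands for engineering", frozenset({"hr"})),
    Document("hr-2", "Engineering compensation review", frozenset({"hr"})),
    Document("eng-1", "On-call compensation policy for engineering shifts",
             frozenset({"engineering", "hr"})),
    Document("pub-1", "Company holiday schedule for all employees",
             frozenset({"everyone"})),
]


def rank(query: str, docs: list) -> list:
    """Order docs by similarity to the query, highest first (stable sort)."""
    q = embed(query)
    return sorted(docs, key=lambda d: cosine(q, embed(d.text)), reverse=True)


def can_read(doc: Document, user_groups: set) -> bool:
    return bool(doc.allowed_groups & user_groups)


def retrieve_unfiltered(query: str, k: int = 2) -> list:
    """No ACL check at all: whatever ranks highest reaches the model."""
    return [d.doc_id for d in rank(query, CORPUS)[:k]]


def retrieve_postfiltered(query: str, user_groups: set, k: int = 2) -> list:
    """Anti-pattern: rank the whole corpus, cut to top-k, then drop unauthorized
    hits. The user's authorized documents may be pushed out of the top-k by
    documents they cannot read, leaving them with nothing."""
    top_k = rank(query, CORPUS)[:k]
    return [d.doc_id for d in top_k if can_read(d, user_groups)]


def retrieve_prefiltered(query: str, user_groups: set, k: int = 2) -> list:
    """Correct order: restrict the candidate set by ACL first, then rank.
    Unauthorized documents are never scored and never enter model context."""
    candidates = [d for d in CORPUS if can_read(d, user_groups)]
    return [d.doc_id for d in rank(query, candidates)[:k]]


if __name__ == "__main__":
    q = "engineering compensation"
    eng = {"engineering", "everyone"}
    print("unfiltered:  ", retrieve_unfiltered(q))        # HR docs leak
    print("post-filter: ", retrieve_postfiltered(q, eng))  # empty result
    print("pre-filter:  ", retrieve_prefiltered(q, eng))   # eng-1, pub-1
```

In a production system the ACL filter is pushed into the vector store's metadata query so that unauthorized vectors are never returned, and the user's group set is taken from the authenticated identity (the SSO/RBAC layer described on this page) rather than from request parameters.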
Policy, process, and validation.
Regular third-party penetration tests help us proactively identify and remediate vulnerabilities.
A formal vulnerability management program with remediation SLAs for critical issues to ensure findings are fixed in a timely manner.
Comprehensive IR plan and team to investigate and respond to potential security events.
Aligning with SOC 2 Type II and ISO 27001. Building controls for external validation.
If you believe you have discovered a security vulnerability, please report it to security@projectpath.ai. We are committed to prompt, responsible disclosure and resolution.