Team Security Practices Overview
Private AI builds software in a security conscious manner. This page will give some insight into the processes and measures the engineering team engages in.
Application Security best practices
Private AI follows security best practices and engages in development processes including regular vulnerability assessments at the code, application and container levels and remediates them according to the SLAs below.
If you have any questions about our processes, feel free to reach out to the team!
The Private AI container is built on an even slimmer slim image to minimize unnecessary dependencies which reduces the container size as well as exposure to dependency vulnerabilities.
SLA for security patches
Private AI addresses security issues within the following SLA: Based on the CVSS v3.0 rating system
- Critical: Within 48 hours of CVE publication
- High: Within 2 weeks of CVE publication
- Medium and under: Within 1 month of CVE publication
SOC 2, ISO 27001 and other certifications
Is Private AI certified?
Private AI is currently NOT SOC 2 or ISO 27001 certified as we do not store any user or customer data beyond contact and billing details.
Is Private AI SOC 2 / ISO 27001 compliant?
Yes! Using Private AI is SOC 2 and ISO 27001 compliant because we deploy on-prem and we don't retain any data processed.