Team Security Practices Overview

Private AI builds software in a security conscious manner. This page will give some insight into the processes and measures the engineering team engages in.

Application Security best practices

Private AI follows security best practices and engages in development processes including regular vulnerability assessments at the code, application and container levels and remediates them according to the SLAs below.

If you have any questions about our processes, feel free to reach out to the team!

Container building

The Private AI container is built on an even slimmer slim image to minimize unnecessary dependencies which reduces the container size as well as exposure to dependency vulnerabilities.

SLA for security patches

Private AI addresses security issues within the following SLA: Based on the CVSS v3.0 rating system

  • Critical: Within 48 hours of CVE publication and resolution availability
  • High: Within 2 weeks of CVE publication and resolution availability
  • Medium and under: Within 1 month of CVE publication and resolution availability

SOC 2, ISO 27001 and other certifications

Is Private AI certified?

Private AI is currently NOT SOC 2 or ISO 27001 certified as we do not store any user or customer data beyond contact and billing details.

Is Private AI SOC 2 / ISO 27001 compliant?

Yes! Using Private AI is SOC 2 and ISO 27001 compliant because we deploy on-prem and we don't retain any data processed.

© Copyright 2024 Private AI.