Security
Our commitment to protecting your data
At 3RDi Ltd, security is foundational to everything we do. We understand that our enterprise customers trust us with their most sensitive data, and we take that responsibility seriously. This page outlines our security practices, certifications, and commitment to protecting your information.
INFRASTRUCTURE SECURITY
Our platform is built on enterprise-grade infrastructure with security at every layer:
- Cloud Infrastructure: We utilise leading cloud providers with SOC 2 Type II, ISO 27001, and other industry certifications.
- Network Security: All data in transit is encrypted using TLS 1.3. Our network architecture includes firewalls, intrusion detection systems, and DDoS protection.
- Data Encryption: All data at rest is encrypted using AES-256. Encryption keys are managed through hardware security modules (HSMs).
- Access Controls: We implement strict role-based access controls (RBAC) and the principle of least privilege across all systems.
APPLICATION SECURITY
We follow secure development practices throughout our software development lifecycle:
- Secure Development: Our development team follows OWASP guidelines and secure coding practices. All code undergoes peer review before deployment.
- Vulnerability Management: We conduct regular vulnerability assessments and penetration testing by independent third parties.
- Dependency Management: We continuously monitor and update third-party dependencies to address known vulnerabilities.
- Security Testing: Automated security testing is integrated into our CI/CD pipeline, including static and dynamic analysis.
DATA PROTECTION
Your data is protected through multiple layers of security controls:
- Data Isolation: Customer data is logically separated, ensuring strict isolation between tenants.
- Data Residency: We offer data residency options to meet regional compliance requirements, including EU data storage.
- Data Retention: We maintain clear data retention policies and provide tools for data export and deletion upon request.
- Backup & Recovery: Regular automated backups with tested recovery procedures ensure business continuity.
OPERATIONAL SECURITY
Our operational practices ensure ongoing security and reliability:
- 24/7 Monitoring: Our security operations centre monitors systems around the clock for potential threats and anomalies.
- Incident Response: We maintain a comprehensive incident response plan with defined escalation procedures and communication protocols.
- Change Management: All changes to production systems follow strict change management procedures with appropriate approvals.
- Employee Security: All employees undergo background checks and complete regular security awareness training.
COMPLIANCE & CERTIFICATIONS
We maintain compliance with industry standards and regulations:
- GDPR: We are fully compliant with the General Data Protection Regulation for handling EU personal data.
- Data Protection Act: We adhere to the UK Data Protection Act 2018 requirements.
- ISO 27001: Our information security management system is aligned with ISO 27001 standards.
- SOC 2: We undergo regular SOC 2 audits to validate our security controls.
RESPONSIBLE DISCLOSURE
We value the security research community and welcome responsible disclosure of potential vulnerabilities. If you believe you have discovered a security issue in our platform, please contact us at support@3rdi.ai. We commit to:
- Acknowledging receipt of your report within 48 hours
- Providing regular updates on our investigation
- Working with you to understand and resolve the issue
- Recognising your contribution once the issue is resolved
CONTACT
For security-related enquiries or to request additional information about our security practices, please contact our security team at support@3rdi.ai.