Security
Security practices, encryption, and responsible disclosure across all CloudServe division products
Last Updated: July 2026
GDPR
Architecture-Ready
DPDPA 2023
Architecture-Ready
EU AI Act
Architecture-Ready
NIST AI RMF
Architecture-Ready
SOC 2
Planned
ISO 27001
Planned
ISO 42001
Planned
PCI DSS
Planned
Data Encryption
Encryption at Rest
AES-256 encryption applied to all stored data across division products and customer databases.
Encryption in Transit
TLS 1.3 enforced on all connections — no plaintext data transmission permitted across any endpoint.
Authentication & Access Control
- OAuth 2.0 and OpenID Connect (OIDC) across all division products
- Multi-factor authentication (MFA) — TOTP and hardware keys
- Role-based access control (RBAC) with least-privilege enforcement
- JWT with short-lived access tokens and refresh token rotation
- Audit logging of all authentication events across platforms
- Single Sign-On (SSO) via SAML 2.0 for enterprise clients (CloudServe Digital)
Multi-Tenant Isolation
Every customer's data is strictly isolated. CloudServe Labs' KNOWRIZ enforces database-level row isolation for every tenant. Our multi-tenant architecture is designed so that one organization's data is never accessible to another.
- Database-level tenant isolation on all multi-tenant products
- Row-level security (RLS) policies designed to prevent cross-tenant data access
- LLM API calls for inference only — source documents never retained by external providers
- Tenant-scoped encryption keys planned for enterprise tier
Infrastructure Security
- Cloud infrastructure with enterprise-grade VPC-style network architecture
- Network segmentation, DDoS protection, and rate limiting at the edge
- Automated vulnerability scanning and patch management
- Redundant infrastructure and automated failover, engineered for high availability
- Automated backups with 30-day retention and point-in-time recovery
- Continuous uptime monitoring and anomaly detection
Application Security
- OWASP Top 10 mitigations across all CloudServe products
- Input validation and output sanitization on all API endpoints
- Dependency audit pipeline with automated CVE scanning
- Responsible disclosure policy — report to [email protected]
AI Security
AI features across CloudServe Digital, CloudServe Labs, and CloudServe Apps products share a common set of AI-specific security controls, applied group-wide.
- All user input validated and sanitized before any AI model call — no raw pass-through to LLMs, enforced across all division products
- Prompt injection defenses on AI-powered features across CloudServe Digital, CloudServe Labs, and CloudServe Apps products
- Model output validated and sanitized before rendering to users or delivery to enterprise clients
- System prompts treated as secrets — never echoed or exposed in API responses or logs
- AI audit logging: LLM calls logged with model ID, tenant context, and timestamp across division platforms
- Rate limiting on all AI inference endpoints — per-tenant and per-user quotas enforced at the API gateway
Data Residency
United States
Primary
EU Region
Planned
India Region
Planned
Student & Researcher Data
CloudServe Labs products (DeveloperBootstrap, KNOWRIZ, Docemora, MathuAI) handle student and researcher data with additional protections.
- Student data collected only for learning analytics and course delivery
- No student data sold, shared with third parties, or used for advertising
- GDPR Article 17 and DPDPA erasure rights honored within 30 days
- Data minimization — we collect only what is required
Security Practices
- Regular internal security audits throughout the development lifecycle
- Penetration testing planned as products scale to general availability
- Incident response plan with defined escalation paths and customer notification procedures
- Third-party security assessments planned post-launch for enterprise-facing products
- Security incorporated throughout the software development lifecycle (SDLC) — not bolted on after release
Responsible Disclosure
If you discover a potential security vulnerability in any CloudServe product, please report it responsibly to [email protected]. We commit to acknowledging all reports within 72 hours and working transparently to resolve confirmed issues. We do not pursue legal action against researchers who act in good faith.