Security

Last Updated: April 2026

Our Security Commitment

At DiscovrAI, security is fundamental to everything we build. We implement comprehensive security measures to protect your organization's data and ensure compliance with industry standards.

Infrastructure Security

Cloud Infrastructure

  • Hosting: Our platform is hosted on enterprise-grade cloud infrastructure with industry-leading security certifications
  • Redundancy: Multi-region deployment with automatic failover ensures high availability
  • Monitoring: 24/7 infrastructure monitoring with automated alerting and incident response

Network Security

  • Encryption in Transit: All data in transit is encrypted using TLS 1.3
  • Encryption at Rest: AES-256 encryption for all stored data
  • Firewall Protection: Web Application Firewall (WAF) protection against common attack vectors
  • DDoS Mitigation: Enterprise-grade DDoS protection

Application Security

Secure Development

  • Security-First Design: Security considerations are integrated into our development lifecycle
  • Code Reviews: All code changes undergo security-focused peer review
  • Dependency Management: Automated scanning for vulnerabilities in third-party dependencies
  • Penetration Testing: Regular third-party security assessments

Authentication & Access Control

  • Multi-Factor Authentication: MFA support for all accounts
  • Single Sign-On (SSO): SAML 2.0 and OAuth 2.0 integration for enterprise customers
  • Role-Based Access Control: Granular permissions management
  • Session Management: Secure session handling with automatic timeout

Data Protection

Data Handling

  • Data Minimization: We only collect data necessary for service delivery
  • Data Classification: All data is classified and handled according to sensitivity
  • Access Logging: Comprehensive audit logs of all data access
  • Secure Deletion: Cryptographic erasure when data is deleted

Privacy Compliance

  • GDPR Compliance: Full compliance with UK and EU GDPR requirements
  • Data Processing Agreements: Available for enterprise customers
  • Privacy Impact Assessments: Conducted for new features and data processing activities
  • Data Subject Rights: Streamlined processes for access, correction, and deletion requests

Compliance Framework

Standards & Certifications

DiscovrAI is committed to achieving and maintaining compliance with:

  • SOC 2 Type II: Security, Availability, and Confidentiality controls (in progress)
  • ISO 27001: Information security management alignment
  • GDPR: UK and EU data protection compliance
  • Cyber Essentials: UK government-backed certification

Enterprise Requirements

For enterprise deployments, we offer:

  • Security questionnaire responses
  • Architecture documentation
  • Penetration test reports (under NDA)
  • Compliance certifications
  • Data Processing Agreements (DPAs)

Incident Response

Response Procedures

  • Detection: Automated monitoring and alerting systems
  • Assessment: Rapid triage and impact assessment
  • Containment: Immediate steps to limit incident scope
  • Communication: Timely notification to affected parties
  • Recovery: Structured recovery and lessons learned

Breach Notification

In accordance with GDPR requirements, we commit to:

  • Notifying the ICO within 72 hours of becoming aware of a qualifying breach
  • Informing affected data subjects without undue delay when required
  • Documenting all incidents and response actions

Physical Security

Our cloud infrastructure providers maintain:

  • 24/7 physical security and surveillance
  • Biometric access controls
  • Environmental controls and fire suppression
  • Redundant power and cooling systems

Employee Security

Background Checks

All employees with access to customer data undergo appropriate background verification.

Security Training

  • Security awareness training for all employees
  • Role-specific security training for technical staff
  • Regular phishing simulations and testing
  • Ongoing compliance education

Access Management

  • Principle of least privilege
  • Regular access reviews
  • Immediate access revocation upon termination
  • Segregation of duties for sensitive functions

Vendor Security

Third-Party Risk Management

  • Security assessment of all vendors before engagement
  • Contractual security requirements
  • Regular vendor security reviews
  • Data Processing Agreements with all sub-processors

Sub-Processor Transparency

A list of our sub-processors is available upon request for enterprise customers.

Reporting Security Issues

We take security reports seriously and appreciate responsible disclosure.

If you discover a potential security vulnerability, please contact us at:

Email: security@discovrai.tech

We commit to:

  • Acknowledging receipt within 24 hours
  • Providing regular updates on investigation progress
  • Working with reporters to understand and resolve issues
  • Not pursuing legal action against good-faith reporters

Security Documentation

Enterprise customers can request:

  • Security whitepaper
  • Architecture diagrams
  • Penetration test executive summary
  • Compliance certifications
  • Security questionnaire responses

Contact enterprise@discovrai.tech for security documentation requests.

Continuous Improvement

Security is an ongoing commitment. We continuously:

  • Monitor emerging threats and vulnerabilities
  • Update security controls and practices
  • Invest in security tooling and training
  • Engage external security experts for assessment