Security & Compliance

Built for the
scrutiny you'll face.

Enterprise procurement teams don't shortlist AI vendors who can't answer security questions on the first call โ€” and serious startups shouldn't either. Here is exactly where we stand โ€” no vague assurances.

๐Ÿ›๏ธ

Data Residency

UAE & GCC region hosting available on request

Deployments can be configured for UAE-only or GCC-region data residency โ€” AWS Middle East (Bahrain/UAE), Azure UAE regions, or on-premise/private cloud for CBUAE-regulated and other compliance-sensitive entities.

๐Ÿ”’

Encryption

AES-256 at rest ยท TLS 1.3 in transit

All data is encrypted at rest and in transit as standard. Key management can be customer-held (BYOK) for institutions with sovereign key control requirements.

๐Ÿงช

Penetration Testing

Third-party tested before every production go-live

Every production AI deployment undergoes independent penetration testing and a vulnerability assessment before go-live, with remediation tracked to closure.

๐Ÿ“‹

Compliance Alignment

CBUAE ยท DIFC DPDL ยท UAE PDPL ยท ISO 27001-aligned practices

Our delivery methodology is built around CBUAE regulatory expectations, DIFC Data Protection Law, and UAE PDPL โ€” with ISO 27001-aligned information security practices across engineering and operations.

๐Ÿ—๏ธ

Access Control

SSO, MFA, and least-privilege by default

Every deployment enforces single sign-on, multi-factor authentication, and least-privilege access for both human users and service accounts โ€” no shared credentials, no standing admin access.

๐Ÿ“

Sub-processor Transparency

Full sub-processor list available under NDA

We disclose every cloud provider, model vendor, and third-party tool involved in your deployment โ€” no hidden data flows. A current sub-processor list is provided to every enterprise client.


Regulatory Alignment

Frameworks we build against.

CBUAE RulebookDIFC Data Protection LawUAE PDPLFATF RecommendationsBasel III/IVISO 27001-aligned practicesSOC 2-aligned controlsUAE Pass Integration Standards

Need our full security questionnaire answered?

We complete vendor security assessments (CAIQ, SIG, custom) for procurement teams โ€” typically within 5 business days.