Security
Security-first architecture protecting student data, researcher documents, and AI platform integrity with AES-256 encryption and strict tenant isolation.
Last Updated: July 2026
GDPR
Architecture-Ready
DPDPA 2023
Architecture-Ready
EU AI Act
Architecture-Ready
NIST AI RMF
Architecture-Ready
SOC 2
Planned
ISO 27001
Planned
ISO 42001
Planned
PCI DSS
Planned
Data Encryption
Encryption at Rest
AES-256 encryption for all stored data, including databases, file storage, and backups.
Encryption in Transit
TLS 1.3 enforced on all connections. No unencrypted HTTP traffic permitted in production.
Authentication & Access Control
Multi-factor authentication (MFA) on all user accounts
Role-based access control (RBAC) — educators, learners, and admins have distinct permissions
Audit logging of all data access and document queries
Multi-Tenant Isolation
Every tenant's data is strictly isolated. We implement database-level multi-tenancy with row-level isolation enforced for every tenant on KNOWRIZ, designed so that no organization's documents are ever accessible to another tenant. LLM API calls are made for inference only — your source documents are not retained by external AI providers.
Database-level row isolation enforced for every tenant (KNOWRIZ)
Tenant-level document corpus isolation — no cross-tenant data access
LLM providers receive inference requests only — source documents never leave your tenant
Student Data Protection
- Student data collected only for the purpose of learning analytics and course delivery
- No student data sold, shared with third parties, or used for advertising
- Parental consent mechanisms for learners under 18 (where applicable)
- GDPR and DPDPA 2023 data subject rights — access, correction, and erasure within 30 days
- Data minimization — we collect only what is necessary
Infrastructure Security
- Cloud infrastructure with enterprise-grade security controls
- Network segmentation and private VPC architecture
- DDoS protection and rate limiting at the edge
- Automated vulnerability scanning and patch management
- Redundant infrastructure and automated failover, engineered for high availability
- Automated backups with 30-day retention and point-in-time recovery
- Continuous uptime monitoring and anomaly detection
Application Security
OWASP Top 10 mitigations on all AI platform services
Input validation before all AI model calls — no raw pass-through
Prompt injection defenses on all AI-powered features
Regular dependency audits and CVE scanning
Penetration testing planned as we scale to production
Responsible disclosure policy
AI Security
Our AI platforms implement additional controls to ensure AI safety and data integrity.
System prompts treated as secrets — never echoed or exposed in API responses
Output sanitization on all AI responses before rendering (XSS prevention)
Human-in-the-loop approval for all irreversible AI actions
AI model API calls logged with model ID, timestamp, and action type
Rate limiting on all AI inference endpoints to prevent abuse
Data Residency
United States
Primary
EU Region
Planned
India Region
Planned
Security Practices
- Regular internal security audits throughout the development lifecycle
- Penetration testing planned as DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI scale to general availability
- Incident response plan with defined escalation paths and educator/institution notification procedures
- Third-party security assessments planned post-launch for institution-facing products
- Security incorporated throughout the software development lifecycle (SDLC) — not bolted on after release
Responsible Disclosure
If you discover a security vulnerability in CloudServe Labs, please report it to [email protected]. We respond within 72 hours and follow coordinated disclosure practices.
We do not pursue legal action against researchers who act in good faith and follow this disclosure process.