Legal & Compliance

Security

Security-first architecture protecting student data, researcher documents, and AI platform integrity with AES-256 encryption and strict tenant isolation.

Last Updated: July 2026

GDPR

Architecture-Ready

DPDPA 2023

Architecture-Ready

EU AI Act

Architecture-Ready

NIST AI RMF

Architecture-Ready

SOC 2

Planned

ISO 27001

Planned

ISO 42001

Planned

PCI DSS

Planned

Data Encryption

Encryption at Rest

AES-256 encryption for all stored data, including databases, file storage, and backups.

Encryption in Transit

TLS 1.3 enforced on all connections. No unencrypted HTTP traffic permitted in production.

Authentication & Access Control

Multi-factor authentication (MFA) on all user accounts

Role-based access control (RBAC) — educators, learners, and admins have distinct permissions

Audit logging of all data access and document queries

Multi-Tenant Isolation

Every tenant's data is strictly isolated. We implement database-level multi-tenancy with row-level isolation enforced for every tenant on KNOWRIZ, designed so that no organization's documents are ever accessible to another tenant. LLM API calls are made for inference only — your source documents are not retained by external AI providers.

Database-level row isolation enforced for every tenant (KNOWRIZ)

Tenant-level document corpus isolation — no cross-tenant data access

LLM providers receive inference requests only — source documents never leave your tenant

Student Data Protection

  • Student data collected only for the purpose of learning analytics and course delivery
  • No student data sold, shared with third parties, or used for advertising
  • Parental consent mechanisms for learners under 18 (where applicable)
  • GDPR and DPDPA 2023 data subject rights — access, correction, and erasure within 30 days
  • Data minimization — we collect only what is necessary

Infrastructure Security

  • Cloud infrastructure with enterprise-grade security controls
  • Network segmentation and private VPC architecture
  • DDoS protection and rate limiting at the edge
  • Automated vulnerability scanning and patch management
  • Redundant infrastructure and automated failover, engineered for high availability
  • Automated backups with 30-day retention and point-in-time recovery
  • Continuous uptime monitoring and anomaly detection

Application Security

OWASP Top 10 mitigations on all AI platform services

Input validation before all AI model calls — no raw pass-through

Prompt injection defenses on all AI-powered features

Regular dependency audits and CVE scanning

Penetration testing planned as we scale to production

Responsible disclosure policy

AI Security

Our AI platforms implement additional controls to ensure AI safety and data integrity.

System prompts treated as secrets — never echoed or exposed in API responses

Output sanitization on all AI responses before rendering (XSS prevention)

Human-in-the-loop approval for all irreversible AI actions

AI model API calls logged with model ID, timestamp, and action type

Rate limiting on all AI inference endpoints to prevent abuse

Data Residency

United States

Primary

EU Region

Planned

India Region

Planned

Security Practices

  • Regular internal security audits throughout the development lifecycle
  • Penetration testing planned as DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI scale to general availability
  • Incident response plan with defined escalation paths and educator/institution notification procedures
  • Third-party security assessments planned post-launch for institution-facing products
  • Security incorporated throughout the software development lifecycle (SDLC) — not bolted on after release

Responsible Disclosure

If you discover a security vulnerability in CloudServe Labs, please report it to [email protected]. We respond within 72 hours and follow coordinated disclosure practices.

We do not pursue legal action against researchers who act in good faith and follow this disclosure process.

Security Questions?

For security inquiries or to report vulnerabilities:

[email protected]