Search for enterprise

Security &
Compliance

Last Updated: August 9, 2022.

Security and compliance are top priorities for ResoluteAI because they are fundamental to your experience with the product. ResoluteAI is committed to securing your application’s data, eliminating systems vulnerability, and ensuring continuity of access. ResoluteAI uses a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss.  

Below please find some additional information on ResoluteAI and its services:

  • Where is Nebula hosted? Is there a possibility to host in a separate instance or within the Client’s environment? 

ResoluteAI’s cloud instances are hosted in AWS in a single multi-tenant VPC. 

Note: for any other implementation, including a separate AWS VPC or hosting within a client’s environment, a full scoping of the deployment must be conducting for pricing purposes. Deployment in a client environment may exclude Foundation datasets.

  • Is file access restricted based on data source?

Yes. We control access to datasets and data sources at the source permissioning for each user. For Microsoft, we user Active Directory as our access control. 

  • Do you support SSO authentication?

We currently support Microsoft and Google SSO.

  • What is your data retention and destruction policy in relation to customer data? If a customer ends their contract with you how do you ensure their data is sanitised in such a manner that it is irrecoverable?

Customer data is completely erased upon a customer’s termination of service and requested deletion of account. Datasets can also be deleted upon request.

  • Do you use TLS1.2 protocol for securing data in transit? Along with this have you disabled other TLS and SSL protocol support?

TLS 1.2 is used for access to the ResoluteAI platform as well as for data transfer.

  • What type of encryption method is used to encrypt customer data?

Customer data is encrypted at rest using an XTS-AES-256 block cipher implemented in a hardware module.

 

Physical Access Control

ResoluteAI is hosted on Amazon Web Services. Amazon data centers feature a layered security model, including extensive safeguards. ResoluteAI employees do not have physical access to Amazon data centers, servers, network equipment, or storage.

PCI DSS

ResoluteAI’s payment and card information is handled by Spreedly and Stripe, which have been audited by independent PCI Qualified Security Assessors and are certified as PCI Level 1 Service Providers, the most stringent level of certification available in the payments industry.