
Privacy & Security

At Brighty.ai, we value your trust and are committed to maintaining the highest standards of privacy and security for our clients. Our custom AI Chatbot solution is built using OpenAI's ChatGPT 4 and leverages AWS infrastructure to ensure robust data protection and security. This Privacy & Security Policy outlines the measures we take to safeguard your data.

 

 

Data Safeguards

We store your data on a fully managed and secure AWS infrastructure utilizing a multi-tenant Kubernetes cluster. The following data safeguards are in place:

  1. Customer data is stored in isolated containers.

  2. Customer data is encrypted at rest and in transit.

  3. Customer data is never used for any reason other than servicing API calls.

  4. Operational metrics are monitored to support the system's operational health and performance.

  5. Strict role-based access control (RBAC) for service engineers.

Additional Safeguards for Dedicated-Cloud Deployments

Enterprise customers can benefit from additional security measures, including:

  1. A dedicated AWS account for complete resource isolation.

  2. A dedicated, single-tenant Kubernetes cluster.

  3. Complete network isolation from the internet.

  4. AWS CloudTrail is enabled for audit logging.

Certifications and Compliance

  1. SOC2 Type II: Our solution is SOC2 Type II certified, audited by a Big4 CPA firm, ensuring compliance with Information Security, Availability, and Confidentiality Standards.

  2. GDPR: We are committed to supporting customers in their GDPR compliance efforts.

 

Penetration Tests

Our solution routinely undergoes third-party security reviews, and we remediate findings based on their criticality and prioritization. You can request executive summaries of findings by contacting us.

Policies, Guidelines, and Practices for Protecting Data

We adhere to strict policies, guidelines, and practices to protect your data. These include:

  1. Acceptable Use Policy

  2. Access Control Policy

  3. HR Policies and Procedures

  4. Software Development Lifecycle (SDLC) Best Practices

  5. Employee Access Lifecycle

     

Risk Assessment Process

We conduct an annual risk assessment process to identify, assess, and manage risks affecting our objectives. Action plans are tracked and communicated to appropriate personnel.

Incident Notification

In case of a security incident, our incident management team will take appropriate action, following applicable laws and regulations. The team includes executive management and relevant employees, as decided by executive management.
 

Monitoring
 

We employ various monitoring measures, including:
 

  1. Aggregating production environment audit logs from Kubernetes, storage, and networking components.

  2. Weekly code vulnerability scans and prompt remediation of critical issues.

  3. Quarterly external vulnerability scans of production environments.

  4. Archiving and analyzing production environment audit logs for threat detection.
     

Conclusion

Brighty.ai is dedicated to providing a secure and reliable custom AI Chatbot solution that respects your privacy. We continuously strive to improve our privacy and security practices, ensuring that your trust in our solution remains well-founded. If you have any questions or concerns regarding our Privacy & Security Policy, please feel free to contact us.
