Trust Center

We encrypt all data whether at rest or in motion using 256-bit TLS encryption regardless of classification. In addition we partition our data by customer and we use cloud native solutions such as azure key vault to manage encryption keys and secrets to provide maximum security in line with industry best practices.

We implement security into every phase of our software development lifecycle and use high-quality automated code and vulnerability analysis tools and services ensuring that configuration changes are strictly controlled and are subject to audit and approval. Unauthorized changes to production are automatically detected and escalated to security and operations teams using cloud-native network security mechanisms.

We use the latest in cloud computing and Serverless technology, leveraging the shared responsibility model of our cloud service provider to deliver the most secure infrastructure possible with built in redundancy across critical components, continuous monitoring, centralized logging and alerting for anomalous activity.

We process only the minimum data required to deliver our service using read-only permissions. TENET is designed to minimize data exposure and protect user privacy but also includes a data wipe mechanism allowing users to clear their data at any time ensuring that customer data remains private and under customer control.

We integrate AI responsibly across our platforms — protected by advanced security controls, built-in safeguards that prevent the processing of sensitive data, and measures that avoid storing conversation history. We apply strict access and restriction policies for high-risk systems and adhere to Responsible AI standards and best practices.

Documented runbooks for detection, triage, containment, eradication, and recovery. Post‑incident reviews with corrective actions and lessons learned. Customer notification without undue delay when an incident materially impacts their data.

We enforce the use of a Single Sign On (SSO) and phishing-resistant Multi Factor Authentication (MFA) on all our platforms. We utilize RBAC roles and short-lived tokens for access to cloud environments. Access to development and production environments is further restricted through the use of role based access control and the use of a zero-trust network access protocols.