Security

Security and Compliance

This page was last updated on Dec 30, 2024.

‍

Network Security
TierZero AI's production services are hosted on leading cloud infrastructure providers, such as Amazon AWS. To safeguard our network perimeter, we leverage Amazon's Virtual Private Cloud (VPC), web application firewalls, and routine vulnerability scans.

‍

Data Protection
TierZero AI employs robust cryptographic measures for processing and storing data, adhering to industry standards. All TierZero web traffic over public networks is encrypted in transit using the TLS v1.2 protocol, while encryption at rest is conducted with AES-256.

‍

Access Control
TierZero AI enforces strict access control policies, maintaining comprehensive audit logs of all activities, errors, and warnings in production systems. We implement single sign-on (SSO) and two-factor authentication (2FA) to manage application access securely. Access levels are granted based on the principle of least privilege and utilize Role-Based Access Control (RBAC).

‍

Responsible Disclosure Program
At TierZero AI, customer security is a top priority. Our team conducts rigorous testing and strives to write secure, high-quality code. However, we recognize that bugs may still occur. We encourage responsible disclosure of vulnerabilities or issues by the community. Please report any findings to security@tierzero.ai

‍

SECURITY

Last updated January 01, 2025

1. Data Encryption

We use industry-leading encryption protocols to protect your data in transit and at rest. Our platform employs AES-256 encryption for stored data and TLS 1.2+ for data transmission, ensuring that your sensitive information remains secure.

2. Access Controls & Authentication

To prevent unauthorized access, we enforce strict access controls, including multi-factor authentication (MFA) and role-based access permissions. User authentication is handled through secure mechanisms to safeguard accounts and prevent security breaches.

3. Network Security

Our infrastructure is protected with advanced firewalls, intrusion detection and prevention systems (IDS/IPS), and regular vulnerability scans. We monitor our network continuously to detect and mitigate potential threats.

4. Compliance & Regulatory Adherence

TierZero AI complies with major data protection regulations, including GDPR, CCPA, and other relevant industry standards. We ensure that our security practices align with global compliance requirements to protect user privacy.

5. Secure Development Practices

Our development team follows secure coding guidelines and conducts regular security audits to identify and address potential vulnerabilities. We use automated and manual security testing to maintain the highest levels of software security.

6. Incident Response & Monitoring

We have a dedicated security team that actively monitors for threats and responds to security incidents promptly. In the event of a breach, we have a structured incident response plan to mitigate risks and notify affected users as required by law.

7. Data Retention & Deletion

We retain user data only as long as necessary to provide our services. Users have the right to request data deletion in accordance with our Privacy Policy. Secure deletion methods are employed to prevent unauthorized recovery of deleted data.

8. Third-Party Security & Integrations

TierZero AI ensures that any third-party services or integrations we use comply with stringent security standards. We conduct security assessments on vendors to verify their compliance with our security requirements.

9. User Responsibility & Best Practices

We encourage users to follow security best practices, such as using strong passwords, enabling MFA, and avoiding sharing account credentials. Our team provides resources and guidance to help users protect their accounts.