Trust. Security. Transparency.
At ekai, we safeguard your data with industry-best practices, clear policies, and continuous improvement through our self-hosted architecture.

Our Trust Commitments
Security First
Protecting infrastructure, applications, and data with industry-leading practices
Privacy & Compliance
Meeting global data protection regulations and maintaining customer data sovereignty
Transparency
Openly sharing policies, audits, and security controls with our customers
Continuous Improvement
Ongoing monitoring, testing, and security enhancements
Security & Infrastructure
Infrastructure & Network Security
Self-hosted in customer cloud environments with comprehensive access controls, monitoring, and system hardening
- Customer retains full control of infrastructure
- Network segmentation and firewall protection
- DDoS protection and monitoring
- AWS WAF with customizable rules
- Unique authentication and MFA for all production systems
- Authorized access controls for databases, OS, and network components
- Prompt access revocation upon personnel termination
- Encrypted remote access with mandatory MFA
- Intrusion detection and comprehensive log management
- Infrastructure monitoring with real-time alerts
- Network and system hardening standards maintained
- Annual security reviews and hardening assessments
Application Security
Secure coding standards, continuous vulnerability scanning, and third-party security assessments
- Continuous vulnerability scanning
- Secure coding standards and code reviews
- Third-party security assessments by Defang
- Automated security testing in CI/CD pipeline
Encryption & Data Protection
TLS 1.2+ for data in transit, AES-256 encryption at rest with comprehensive data lifecycle management
- TLS 1.2+ for all data transmission
- AES-256 encryption at rest
- AWS Key Management Service integration
- Customer-controlled encryption keys
- Data classification and access restriction to authorized personnel
- Data retention and disposal procedures established
- Customer data deletion upon service exit
- Sensitive data handling protocols
- Data sovereignty maintained in customer environment
Identity & Access Management
SSO integration with customer identity providers and MFA enforcement
- Single Sign-On (SSO) integration
- Google, Microsoft, and custom identity providers
- Multi-Factor Authentication (MFA) support
- Role-based access control (RBAC)
Incident Response & Monitoring
Formal incident response plan with customer-initiated incident management
- Formal incident response procedures
- Customer-initiated incident management
- 24-hour SLA for enterprise support
- Comprehensive logging and monitoring
Vulnerability & Penetration Testing
Continuous vulnerability scanning with independent security assessments
- Continuous vulnerability scanning
- Independent security assessments by Defang
- Regular penetration testing
- Automated security monitoring
Organizational Security
Comprehensive personnel controls, asset management, and physical security measures
- Background checks for all personnel with access to production systems
- Security awareness training and annual performance evaluations
- Code of conduct and confidentiality agreements
- Production inventory maintained and regularly updated
- Portable media encryption and mobile device management (MDM)
- Visitor sign-in procedures and badge requirements
- Escorted access to secure areas enforced
- Physical security controls and monitoring
Internal Security Procedures
Business continuity, change management, governance, and incident response procedures
- Business continuity and disaster recovery plans documented and tested
- Cybersecurity insurance coverage maintained
- Authorized, documented, and reviewed change management procedures
- Production deployment restrictions and testing requirements
- Defined security roles and maintained security policies
- Board oversight and regular risk assessments conducted
- Vendor management and third-party risk assessments
- Formal incident management policies and procedures
- Data backup procedures and communication of system changes
- Support resources and service commitments communicated to customers
Compliance & Certifications
Since ekai is deployed in your environment, it leverages the compliance and security certifications already in place within your hosting infrastructure, including SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR where applicable.
We implement all necessary measures by default to help you maintain and support these compliance standards.
