We build the security layer for AI — naturally, we hold ourselves to the same standards. This page describes the controls, processes and certifications that protect our customers and their data.
Every layer of our platform — infrastructure, application, data and access — is engineered around Zero Trust principles.
TLS 1.3 in transit, AES-256 at rest, customer-managed keys (BYOK) available on Enterprise.
SSO via SAML/OIDC, SCIM provisioning, mandatory MFA, fine-grained RBAC.
Strict tenant isolation with cryptographic boundaries between customer data planes.
24/7 detection, threat-intel feeds and automated response across our production estate.
Mandatory code review, dependency scanning, SAST/DAST and signed builds on every release.
Immutable audit trails for every administrative action, exportable to your SIEM.
Annually audited
InfoSec management
EU data protection
Healthcare ready
We deeply value the security community. If you believe you have discovered a vulnerability in any Nolgrim AI product or service, please report it to our security team. We commit to acknowledging your report within 48 hours and to remediating confirmed issues based on severity.
Out of scope: social engineering, denial of service, third-party services we do not control.
Send PGP-encrypted reports to security@nolgrim-ai.com. We will recognize your contribution publicly with your permission once the issue is resolved.