Security Policy

Last Updated: 28th November 2024

At Evermind AI, we understand the importance of keeping your data secure and confidential. We are committed to implementing robust security measures to protect your information.

1. Data Protection

We take data protection seriously and employ a variety of security measures to safeguard your personal and sensitive information. This includes:

• End-to-End Encryption: All data is encrypted during transmission and at rest using industry-standard encryption protocols.
• Access Controls: Access to sensitive data is restricted to a limited number of authorized personnel. All employees with access to production servers are required to use two-factor authentication.

2. Infrastructure Security

Our infrastructure is designed to be secure and resilient:

• Hosting: Evermind AI is hosted on secure Linode servers that adhere to the latest security standards. We regularly review our hosting provider's security policies to ensure compliance.
• Web Traffic Security: All web traffic is encrypted using TLS with RSA 2048-bit keys, ensuring that data transmitted between users and our servers is secure.

3. Software Security

Our application has been developed by experienced engineers and has been built on top of quality open-source software. The core application is built using Ruby on Rails and follows industry best practises.

We monitor our codebase for CVE's automatically as part of our continuous deployment process and apply security patches as soon as we are made aware. We also monitor for application errors in realtime and all issues are immediately escalated to our engineering team.

4. Backup Policy

To prevent data loss, we implement a comprehensive backup policy:

• Regular Backups: Data is backed up regularly to multiple locations to ensure redundancy.
• Retention Period: Backups are retained for 30 days and are securely deleted thereafter.

5. Incident Response

In the event of a security incident, we have established procedures to respond quickly and effectively:

• Incident Detection: We continuously monitor for potential security breaches and anomalies.
• Response Plan: Our incident response team is trained to handle security incidents, ensuring that appropriate actions are taken to mitigate risks and inform affected users.

6. User Responsibilities

Users also play a crucial role in maintaining security:

• Account Security: Users are encouraged to use strong passwords and change them regularly. They should also enable two-factor authentication where available.
• Data Handling: Users must ensure that any sensitive information shared with our platform is done securely and in compliance with applicable regulations.

7. Changes to This Security Policy

We may update this Security Policy from time to time. We will notify you of any changes by posting the new Security Policy on our website. Users are encouraged to review this policy periodically for any updates.

8. Contact Us

If you have any questions or concerns about this Security Policy or our security practices, please contact us at help@evermindai.com.