At Guardi Algo PBC, security is not just a feature but a foundational principle. As a company focused on AI safety, we understand the critical importance of maintaining robust security practices in all aspects of our operations.
This Security Policy outlines our commitment to protecting your data, our systems, and our services from unauthorized access, disclosure, or damage.
1. Our Security Commitment
Guardi Algo PBC is committed to:
- Implementing industry-leading security practices
- Continuously monitoring and improving our security posture
- Proactively identifying and addressing potential vulnerabilities
- Prioritizing the confidentiality, integrity, and availability of client data
- Maintaining transparency about our security practices (without compromising security)
2. Infrastructure Security
We maintain secure infrastructure through:
- Hosting our services on secure, industry-standard cloud platforms with appropriate security certifications
- Implementing network segmentation and firewalls
- Using encrypted connections (TLS/SSL) for all data transmission
- Regular security patching and updates
- Redundant systems and disaster recovery procedures
3. Data Security
We protect your data through:
- Encryption of data both in transit and at rest
- Secure backup procedures
- Strict access controls based on the principle of least privilege
- Data retention policies that minimize unnecessary storage of sensitive information
- Secure data deletion practices when data is no longer needed
4. Application Security
Our software development practices include:
- Security review during all phases of the development lifecycle
- Regular code reviews and static code analysis
- Penetration testing and vulnerability scanning
- Secure coding practices and developer security training
- Third-party dependency monitoring and management
5. Authentication and Access Controls
We secure access to our systems through:
- Strong password policies
- Multi-factor authentication (MFA) for all privileged access
- Role-based access control (RBAC)
- Regular access reviews and prompt removal of access when no longer needed
- Secure session management
6. Monitoring and Incident Response
Our security operations include:
- 24/7 monitoring of our systems and services
- Comprehensive logging and audit trails
- Automated alerts for suspicious activities
- A documented incident response plan
- Regular testing of our incident response procedures
7. Employee Security
We maintain a security-conscious workforce through:
- Background checks for all employees
- Regular security awareness training
- Clear security policies and procedures
- Need-to-know access policies
- Secure remote work practices
8. Compliance and Third-Party Assessments
We validate our security through:
- Regular internal security audits
- Third-party security assessments
- Compliance with relevant industry standards and regulations
- Security questionnaires and documentation for client due diligence
9. Vulnerability Disclosure Policy
We believe in the importance of coordinated vulnerability disclosure. If you believe you have found a security vulnerability in our systems or services, we encourage you to report it to us confidentially.
Please email [email protected] with details of the vulnerability. We request that you:
- Provide sufficient information to reproduce the issue
- Allow us reasonable time to address the vulnerability before any public disclosure
- Avoid accessing, modifying, or destroying data belonging to others
We commit to acknowledging receipt of vulnerability reports within 24 hours and providing periodic updates about our progress. We do not offer bug bounties at this time, but we will publicly acknowledge security researchers who report vulnerabilities responsibly, if they wish to be credited.
10. Contact Information
For security-related inquiries or to report security concerns, please contact:
Security Team
Guardi Algo PBC
Email: [email protected]
For general inquiries about our security practices or to request our security documentation, please contact [email protected].