Security

Security is at the core of Netallion AI Assurance. We've built our platform with defense-in-depth principles to protect your data.

No Raw Secrets Storage

We never store raw secrets or credentials. Only SHA-256 hashes, masked fragments (last 4 chars), and redacted snippets are retained.

Encryption in Transit

All data is encrypted using TLS 1.2+ in transit. API communications use HTTPS with certificate pinning.

Tamper-Evident Audit Logs

Hash-chain audit logging ensures complete integrity. Any modification to audit records is immediately detectable.

Azure-Native Infrastructure

Hosted on Microsoft Azure with enterprise-grade security controls, SOC 2 certified infrastructure.

Role-Based Access Control

Fine-grained permissions ensure users only see what they need. Supports Azure AD SSO integration.

Responsible Disclosure

We maintain a security vulnerability disclosure program. Report issues to security@netallion.ai.

Data Protection Principles

1

Minimize Collection

We only collect what's necessary to provide the service. Customer log content is processed but not stored in raw form.

2

Hash & Mask

Detected secrets are immediately hashed. Only masked fragments are stored for verification purposes.

3

Redact & Alert

Findings contain redacted snippets with sensitive content removed. You get context without exposure.

4

Retain Minimally

Data retention is configurable by plan. Customers can request deletion at any time.

Report a Vulnerability

If you discover a security vulnerability in Netallion AI Assurance, please report it responsibly.

  • Email: security@netallion.ai
  • Response time: We aim to acknowledge reports within 24 hours
  • Disclosure: Please allow us reasonable time to investigate before public disclosure

We appreciate responsible security researchers who help us keep Netallion AI Assurance safe.