Security Policy

1. Overview

ThreatSpot AI works to protect the confidentiality, integrity, and availability of data processed through the Service.

2. Organizational Controls

• Role‑based access controls with least‑privilege permissions where possible.
• Multi‑factor authentication for privileged access where supported.
• Security training and awareness for relevant personnel.

3. Technical Controls

• Encryption in transit using TLS for web and API traffic.
• Segregated environments for development, testing, and production.
• Logging of authentication, scan activity, and administrative actions.

4. Vulnerability Management

We apply security patches and updates on a regular schedule and use automated tools to identify known vulnerabilities.

5. Incident Response

We maintain processes to detect, respond to, and remediate security incidents. Where required, we will notify affected customers and regulators in line with applicable laws.