Privacy & Security

Cybersecurity

Erudit AI takes the privacy and confidentiality of each employee really seriously, keeping their data 100% protected. We are strongly committed to the highest ethical standards.


Human privacy:

  • There is no human interaction with the employees’ data. 
  • The employees’ data is collected from the communication tools and processed by our Neural Networks, generating the outputs of the metrics.
  • We only store the outputs of the metrics, not the employees’ sensitive data.

Data protection:

  • Data is encrypted to guarantee the highest level of security.
  • Data at rest is secured using AES-256.
  • Transport Layer Security protocol is used.
  • Data is stored, backed and protected by Amazon Web Services (AWS), which complies with PCI ,SOC, FINRA and ISO-27001 standards.
  • OAuth 2.0 Protocol is used to connect to third-party data providers, such as G-Suite and Slack.
  • We securely store the authentication token that is generated by the service when the employee authorizes his access.
  • General Data Protection Regulation (GDPR) compliance.

Small & mid size business:

  • AES256 on the bases at rest.
  • TLSv1.3 in transport.
  • JSON Web Tokens RS256 for authentication.
  • Amazon Web Services (AWS) complies with ISO 27018, a code of conduct designed to protect personal data in the cloud. This extends the ISO 27001 information security standard to meet regulatory requirements for the protection of personally identifiable information (PII) in the public cloud computing environment and specifies implementation guidance based on controls of ISO 27002 that apply to PII processed by public cloud service providers. For more information about AWS ISO 27018 certification, see the AWS ISO 27018 Compliance web page.

In addition, AWS publishes a SOC 2 type I privacy report, based on the SOC 2 privacy and confidentiality principle, developed by the American Institute of CPA (AICPA), which determines the criteria for assessment controls related to the way in that personal information is collected, used, retained, disclosed and disposed of in order to meet the entity's objectives. The AWS SOC 2 Type I Privacy Report provides third-party accreditation of our systems and the adequacy of the design of our privacy controls, as outlined in our privacy notice. The scope of the privacy report includes information about how to manage the content you upload to AWS and how it is protected across all services and locations that are scoped to the latest AWS SOC reports. The SOC 2 Type I Privacy Report can be downloaded using AWS Artifact in the AWS Management Console.

Corporate:

  • Implementation of Erudit AI’s architecture with Kubernetes K8s in the company’s server.
  • Meets by default all the requirements that the client meets prior to our implementation.

NEXT
Data privacy compliance
Got any suggestions?
Let us know!