Security
Security and Compliance
Network Security
TierZero AI's production services are hosted on leading cloud infrastructure providers, such as Amazon Web Services (AWS). To safeguard our network perimeter, we leverage Amazon's Virtual Private Cloud (VPC), web application firewalls, and routine vulnerability scans.
Data Protection
TierZero AI employs robust cryptographic measures for processing and storing data, adhering to industry standards. All TierZero web traffic over public networks is encrypted in transit using the TLS v1.2 protocol, while encryption at rest is conducted with AES-256.
Access Control
TierZero AI enforces strict access control policies, maintaining comprehensive audit logs of all activities, errors, and warnings in production systems. We implement single sign-on (SSO) and two-factor authentication (2FA) to manage application access securely. Access levels are granted based on the principle of least privilege and utilize Role-Based Access Control (RBAC).
Responsible Disclosure Program
At TierZero AI, customer security is a top priority. Our team conducts rigorous testing and strives to write secure, high-quality code. However, we recognize that bugs may still occur. We encourage responsible disclosure of vulnerabilities or issues by the community. Please report any findings to security@tierzero.ai.
1. Data Encryption
We use industry-leading encryption protocols to protect your data in transit and at rest. Our platform employs AES-256 encryption for stored data and TLS 1.2+ for data transmission, ensuring that your sensitive information remains secure.
2. Access Controls & Authentication
To prevent unauthorized access, we enforce strict access controls, including multi-factor authentication (MFA) and role-based access permissions. User authentication is handled through secure mechanisms to safeguard accounts and prevent security breaches.
3. Network Security
Our infrastructure is protected with advanced firewalls, intrusion detection and prevention systems (IDS/IPS), and regular vulnerability scans. We monitor our network continuously to detect and mitigate potential threats.
4. Compliance & Regulatory Adherence
TierZero AI is SOC 2 Type II certified and complies with major data protection laws, including GDPR and CCPA. We ensure that our security practices align with global compliance requirements to protect user privacy.
5. Secure Development Practices
Our development team follows secure coding guidelines and conducts regular security audits to identify and address potential vulnerabilities. We use automated and manual security testing to maintain the highest levels of software security.
6. Incident Response & Monitoring
We have a dedicated security team that actively monitors for threats and responds to security incidents promptly. In the event of a breach, we have a structured incident response plan to mitigate risks and notify affected users as required by law.
7. Data Retention & Deletion
We retain user data only as long as necessary to provide our services. Users have the right to request data deletion in accordance with our Privacy Policy. Secure deletion methods are employed to prevent unauthorized recovery of deleted data.
8. Third-Party Security & Integrations
TierZero AI ensures that any third-party services or integrations we use comply with stringent security standards. We conduct security assessments on vendors to verify their compliance with our security requirements.
9. Guidelines for Sub-Processors
Sub-processors engaged by TierZero must meet the same security, privacy, and compliance standards imposed on TierZero, including maintaining an active SOC 2 Type II certification. They must be contractually bound to protect confidential and customer data in accordance with TierZero's Data Management, Access Control, and Third-Party Management Policies. Sub-processors are required to: (1) undergo security and privacy due diligence prior to engagement; (2) store and process data only in approved regions and secure environments; (3) implement access controls, encryption, and audit logging; (4) follow TierZero's data retention and disposal timelines; and (5) notify TierZero promptly of any incidents, breaches, or material changes to their services. No sub-processor may be used without prior written approval and execution of a data processing agreement (DPA) that includes these requirements.
10. User Responsibility & Best Practices
We encourage users to follow security best practices, such as using strong passwords, enabling MFA, and avoiding sharing account credentials. Our team provides resources and guidance to help users protect their accounts.
Contact Security Team
For security-related inquiries, vulnerability reports, or any security concerns, please contact our security team:
Email: security@tierzero.ai
Security Resources
For more detailed information about our security practices: