Security at adam.ai

We, at adam.ai, place security at the core of what we do and believe that it is essential to keeping our promise to our users. We have procedures, checks, and audits in place to systematically help guarantee everyone uses our service in a secure and safe manner.

Used and trusted by a myriad of large organizations worldwide

Data and Information Security

enterprise-grade security features and certificates

SOC 2 Compliance

Because adam.ai is fully compliant with SOC 2 certification, you can rest assured that your content and files are well-protected, which further enhances our commitment to data security.

Visit Trust Center

oAuth 2.0 Authentication

All third-party integrations utilize the industry-standard oAuth 2.0 authentication, ensuring secure data syncing between systems.

GDPR Compliance

As it's compliant with industry standards and regulations such as GDPR, adam.ai ensures the protection of both enterprise and customer data.

Data Encryption

All application data, files, and database content are encrypted at rest. Uploaded files receive an additional layer of security with 256-bit AES encryption.

User Passwords

User passwords are safeguarded with Salt and hashed multiple times, providing robust protection against unauthorized access.

Data protection

Data at rest

Along with cloud storage buckets, every datastore that contains client data is secured at rest. Row-level encryption is also used by sensitive collections and tables. Consequently, neither physical access to the database nor logical access to the database are sufficient to read the most sensitive data because the data is encrypted even before it reaches the database.

Data in transit

Every time data is transmitted to our services, adam.ai employs TLS 1.2 or a later version. To increase the security of our data while it is in transit, we additionally use features like HSTS (HTTP Strict Transport Security). Cloudflare manages the server TLS keys and certificates, and they are distributed using application load balancers.

Secret management

Application secrets are securely encrypted and kept in key vault service, with only authorized users having access to these values. Also we leverage detailed audit logs that track who accessed which secrets and when for compliance purposes and for detecting any unusual or unauthorized activity.

Enterprise security

Endpoint protection

All business devices have mobile device management software installed on them as well as anti-malware security. To enforce secure endpoint configuration, including password manager, disc encryption, screen lock configuration, and software upgrades, we employ MDM software.

Secure remote access

adam.ai protects remote access to internal resources with sophisticated identity-aware-proxy technology, an access tool utilized by the development team for SSH, Kubernetes, databases, internal web applications, and Windows. We avoid phishing by relying on biometrics and machine identification, and its zero-trust design prevents attacker pivots

Security education

adam.ai provides comprehensive security training to all employees upon onboarding and annually through educational modules within the Vanta platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles.
adam.ai’s security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Identity and access management

adam.ai secures our identity and access management with Azure AD. We mandate the usage of phishing-resistant authentication factors, and if feasible, we employ SSO.
Customer data is only accessible to authorized workers who need it for operational and maintenance purposes.
Employees at adam.ai are allowed access to applications based on their function and are automatically deprovisioned upon cessation of employment. Additional access must be granted in accordance with the policies established for each application.

Vendor security

adam.ai approaches vendor security from a risk-based perspective. A vendor's inherent risk rating is influenced by the following factors:

Access to customer and corporate data
Integration with production environments
Potential harm to the Adam.ai brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor.

Failover and disaster recovery

Our whole production infrastructure is structured with redundancies in highly available configurations dispersed across various availability zones. To retrieve crucial data, an auto-backup policy is in place.

Inventory and configuration

Terraform is used to keep infrastructure as code, with modifications happening through a procedure very similar to the application-level software development process. We employ distinct infrastructure for development, staging, and live environments, with no data sharing between them.

Monitoring and logging

We do thorough monitoring of infrastructure and application performance, which helps us spot problems before many clients do. Automated alerts with on-call schedules are set up, with escalation to all other members of the DevOps team.

Our security team use security monitoring to detect and respond to application assaults, abnormalities, and suspicious activity.