Used and trusted by a myriad of large organizations worldwide
Data and Information Security
enterprise-grade security features and certificates
SOC 2 Compliance
Because adam.ai is fully compliant with SOC 2 certification, you can rest assured that your content and files are well-protected, which further enhances our commitment to data security.
oAuth 2.0 Authentication
All third-party integrations utilize the industry-standard oAuth 2.0 authentication, ensuring secure data syncing between systems.
GDPR Compliance
As it's compliant with industry standards and regulations such as GDPR, adam.ai ensures the protection of both enterprise and customer data.
Data Encryption
All application data, files, and database content are encrypted at rest. Uploaded files receive an additional layer of security with 256-bit AES encryption.
User Passwords
User passwords are safeguarded with Salt and hashed multiple times, providing robust protection against unauthorized access.
Data protection
Data at rest
Along with cloud storage buckets, every datastore that contains client data is secured at rest. Row-level encryption is also used by sensitive collections and tables. Consequently, neither physical access to the database nor logical access to the database are sufficient to read the most sensitive data because the data is encrypted even before it reaches the database.
Data in transit
Every time data is transmitted to our services, adam.ai employs TLS 1.2 or a later version. To increase the security of our data while it is in transit, we additionally use features like HSTS (HTTP Strict Transport Security). Cloudflare manages the server TLS keys and certificates, and they are distributed using application load balancers.
Secret management
Application secrets are securely encrypted and kept in key vault service, with only authorized users having access to these values. Also we leverage detailed audit logs that track who accessed which secrets and when for compliance purposes and for detecting any unusual or unauthorized activity.
Enterprise security
Endpoint protection
All business devices have mobile device management software installed on them as well as anti-malware security. To enforce secure endpoint configuration, including password manager, disc encryption, screen lock configuration, and software upgrades, we employ MDM software.
Secure remote access
adam.ai protects remote access to internal resources with sophisticated identity-aware-proxy technology, an access tool utilized by the development team for SSH, Kubernetes, databases, internal web applications, and Windows. We avoid phishing by relying on biometrics and machine identification, and its zero-trust design prevents attacker pivots
Security education
- adam.ai provides comprehensive security training to all employees upon onboarding and annually through educational modules within the Vanta platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles.
- adam.ai’s security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
Identity and access management
- adam.ai secures our identity and access management with Azure AD. We mandate the usage of phishing-resistant authentication factors, and if feasible, we employ SSO.
- Customer data is only accessible to authorized workers who need it for operational and maintenance purposes.
- Employees at adam.ai are allowed access to applications based on their function and are automatically deprovisioned upon cessation of employment. Additional access must be granted in accordance with the policies established for each application.
Vendor security
adam.ai approaches vendor security from a risk-based perspective. A vendor's inherent risk rating is influenced by the following factors:
- Access to customer and corporate data
- Integration with production environments
- Potential harm to the Adam.ai brand
Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor.
Failover and disaster recovery
Our whole production infrastructure is structured with redundancies in highly available configurations dispersed across various availability zones. To retrieve crucial data, an auto-backup policy is in place.
Inventory and configuration
Terraform is used to keep infrastructure as code, with modifications happening through a procedure very similar to the application-level software development process. We employ distinct infrastructure for development, staging, and live environments, with no data sharing between them.
Monitoring and logging
We do thorough monitoring of infrastructure and application performance, which helps us spot problems before many clients do. Automated alerts with on-call schedules are set up, with escalation to all other members of the DevOps team.
Our security team use security monitoring to detect and respond to application assaults, abnormalities, and suspicious activity.