Skip to content
Valtair
Security

Security

Valtair builds and operates AI products, so security is part of how we engineer, not a page we bolt on. This is our approach to handling data and running infrastructure. Specifics for a given engagement are shared under the engagement.

Data handling

  • Collect only the data a system needs to do its job.
  • Separate client data by tenant and by environment.
  • Define retention and deletion for each type of data.

Encryption and infrastructure

  • Encrypt data in transit and at rest.
  • Run on managed cloud infrastructure with least-privilege defaults.
  • Keep production isolated from development and staging.

Access and secrets

  • Role-based access control, granted on need.
  • Secrets held in a managed secret store, never in code.
  • Access reviewed and revoked when it is no longer needed.

Vendors and backups

  • Review third-party providers before we rely on them.
  • Back up critical data and check that restores work.
  • Prefer providers that do not train on customer data by default.

Secure development and response

  • Code review and dependency checks as part of delivery.
  • Monitoring and alerting on production systems.
  • A defined path for handling and communicating incidents.
FAQ

Common questions

Do you hold certifications like SOC 2 or ISO 27001?
We describe the practices we follow rather than claim certifications we do not hold. If your project requires a specific standard, tell us and we will be honest about where we stand and what it would take to meet it.
Is our data used to train models?
We prefer providers and configurations that do not train on customer data, and we confirm this per engagement based on the providers involved.
How are prompts and outputs handled?
Prompts and outputs are treated as client data: separated by tenant, encrypted, and retained only as long as the system needs them, per the terms of the engagement.
Can you support data residency requirements?
Where the underlying providers support it, we can deploy in a chosen region. We confirm what is possible for your requirements before committing.

Questions about Security?

We are happy to walk through how this applies to your project before you commit to anything.

Discuss a product