Security

Last updated:

1. Security by Design

At Scudo AI, security is not an afterthought—it's the foundation of our architecture. Our Private AI solutions are specifically designed for organizations where security and data sovereignty are paramount concerns.

2. Air-Gapped Operation

Our solutions are designed to operate in isolation from the internet:

  • No internet required: Systems function offline
  • Configurable network egress: No outbound traffic in air-gapped configuration
  • Physical isolation: Deploy in air-gapped networks
  • No cloud dependencies in standard configuration: Runs on your hardware

This architecture significantly reduces remote attack surface.

3. Data Protection

Data at Rest

  • All data remains on your hardware
  • Support for encrypted storage volumes
  • Customer-controlled encryption keys

Data in Transit

  • TLS 1.3 for any local network communication
  • No external data transmission in standard configuration
  • Certificate-based authentication available

Data Access

  • Role-based access control (RBAC)
  • Comprehensive audit logging
  • Configurable retention policies

4. Development Security

Our software development follows security best practices:

  • Secure SDLC: Security integrated throughout development
  • Code review: All changes reviewed before deployment
  • Dependency scanning: Automated vulnerability detection
  • Regular updates: Security patches and updates provided

5. Incident Response

In the event of a security incident:

  • Immediate assessment and containment
  • Affected customers notified without undue delay, consistent with Art. 33(2) GDPR (processor-to-controller obligation). Where Scudo acts as controller, the 72-hour DPA notification under Art. 33(1) GDPR applies.
  • Root cause analysis
  • Remediation and prevention measures
  • Post-incident report provided to affected customers

6. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please contact us at:

Email: security@scudoai.com

Please provide:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information (optional)

We aim to acknowledge reports within 48 hours and provide updates on remediation.

7. Contact

For security-related inquiries:

Security Team: security@scudoai.com
General: office@scudoai.com