Legal

Security Policy

Effective Date: July 1, 2026 · CerebroHive OPC Pvt. Ltd.

1. Data Encryption

All data transmitted to and from CerebroHive services is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256. API keys and credentials are stored in encrypted secret management systems and never exposed in application code.

2. Access Control

We implement role-based access control (RBAC) across all internal systems. Access to client data is strictly limited to personnel who require it to deliver contracted services. All access events are logged and reviewed periodically.

3. LLM API Security

When integrating with external LLM providers on behalf of clients, we deploy private API gateway proxies that enforce token rate limits, PII redaction, and audit logging. Client data is never passed to public model providers without explicit contractual authorization.

4. Infrastructure Security

Our infrastructure is hosted on cloud platforms with SOC 2 Type II and ISO 27001 certifications. We conduct automated vulnerability scanning, dependency auditing, and penetration testing on a regular schedule.

5. Incident Response

CerebroHive maintains a documented Incident Response Plan. In the event of a security breach affecting client data, we will notify affected clients within 72 hours of becoming aware of the incident, as required by applicable regulations.

6. Responsible Disclosure

If you discover a security vulnerability in our systems, please report it responsibly to security@cerebro-hive.com. We commit to acknowledging your report within 48 hours and working to resolve confirmed vulnerabilities promptly.