
Vauban AI's Cloud Security & Compliance

Our customers trust Vauban AI to protect their data, requiring a service that is highly available and secure. As a Vauban AI customer, you benefit from a service designed, maintained, and monitored to meet rigorous security, compliance, and privacy requirements.

Vauban AI – Secure AI with GDPR, ISO 27001 & SecNumCloud compliance.

Vauban AI operates with complete independence from third-party services.
Our proprietary servers run in secure, climate-neutral European datacenters that are not subject to the US Foreign Intelligence Surveillance Act (FISA).

Security Features


  • IP Allowlist: Restrict access to specified IP addresses.

  • Role-Based Access Control (RBAC): Enforce least-privilege access with an unlimited number of API keys, each with its own private dataset.

  • Single Sign-On (SSO): Integrations with SSO providers for strong authentication.

  • Multi-Factor Authentication (MFA): Native support for strong MFA.

  • Audit Logging: Comprehensive logs of security-related events that can be plugged into your SIEM platform.

  • Private Peering and VPN: Prevent exposure to the public internet by directly connecting your network to Vauban AI's platform.

Data Encryption, Handling & Vulnerability Assessment


  • Tunnel Encryption: Encrypt all data exchanges using TLS 1.3 with HSTS and Quantum-Safe encryption (PQC).

  • Data Handling Best Practices: Data used in our RAG is processed live in memory; only embeddings are kept, and metadata are encrypted. Vauban is the first encrypted RAG as a Service available.

  • Logs: No internal logging of queries or response content.

  • Penetration Testing: Annual security, vulnerability, and penetration testing by third parties as part of our compliance effort.

  • Vulnerability Disclosure Program: Partnering with a third-party service so that security researchers can continuously improve our platform's security.

Compliance at heart

  • Vauban AI adheres to the stringent requirements of GDPR and the European AI Act, ensuring robust data protection and ethical AI practices across the European Economic Area. Our compliance framework includes comprehensive measures for data privacy, security, and transparency, enabling us to meet the highest standards in data protection and AI regulation. This commitment not only safeguards personal data but also promotes responsible AI deployment, aligning with the latest European legislative frameworks to protect user rights and maintain trust.

  • Vauban AI aims to be fully compliant with ISO 27001, demonstrating our commitment to the highest standards of information security management. This certification ensures that our processes, policies, and controls are robust and effective in protecting sensitive information. By adhering to ISO 27001, we safeguard against data breaches, minimize risks, and continuously improve our security practices. This compliance will provide our customers with confidence in our ability to securely handle and protect their data, aligning with global best practices for information security management.

  • Vauban AI will ensure compliance with HDS (Hébergement de Données de Santé) and ISO/IEC 27701:2019, demonstrating our commitment to the highest standards of health data security and privacy management. HDS certification guarantees that our infrastructure and processes meet the stringent requirements for hosting health data in France, while ISO/IEC 27701:2019 provides a comprehensive framework for managing personally identifiable information (PII). These certifications will ensure that we maintain robust data protection measures, safeguarding sensitive health information and adhering to global best practices for data privacy and security.

  • Vauban AI aims to be fully compliant with both SecNumCloud and the European Union Cybersecurity Certification Scheme for Cloud Services (EUCS), ensuring the highest standards of security and data protection. SecNumCloud certification, issued by ANSSI, confirms that our cloud services meet stringent French governmental security requirements, including robust encryption and continuous monitoring. Additionally, our alignment with the upcoming EUCS will guarantee that our services adhere to rigorous EU-wide cybersecurity standards, covering data protection, incident management, and security monitoring. These certifications will provide our customers with a secure, reliable, and trusted cloud environment across Europe.
