DEVAI SUITE

Security Overview

Effective Date: March 12th, 2026
Last Updated: March 12th, 2026

DevAI Suite is designed with administrative, technical, and organizational safeguards intended to protect customer data and support secure service delivery. This page provides a general overview of our security approach and is not a warranty or guarantee of specific controls.

We recommend structuring this page around the six NIST CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, and Recover.

1. Governance

We maintain internal accountability for security and access management. Security responsibilities are assigned within the organization, and access to systems and data is intended to follow least-privilege principles.

2. Identification and Risk Management

We seek to identify material systems, data flows, dependencies, and operational risks relevant to the Service. Vendor and infrastructure relationships are reviewed based on business need, security relevance, and operational dependency.

3. Protection

We design the Service to support appropriate protection measures, which may include:

  • logical access controls;
  • authentication and authorization controls;
  • role-based access principles;
  • encryption in transit and, where applicable, at rest;
  • secrets and credential management;
  • environment segregation where reasonably appropriate;
  • backup and recovery procedures;
  • personnel confidentiality obligations.

4. Secure Development and Change Management

We seek to improve security through controlled development and deployment practices, which may include code review, testing, configuration management, and operational change control.

5. Monitoring and Detection

We maintain logging, monitoring, and alerting capabilities appropriate to the Service and its operational profile to help identify suspicious activity, service disruption, misuse, and security events.

6. Incident Response

We maintain an incident response process intended to support investigation, containment, remediation, and internal escalation of security incidents.

Where legally required, and depending on the nature and impact of a personal-data breach, EU/UK-style rules may require notification without undue delay and within 72 hours after awareness.

7. Recovery and Resilience

We seek to maintain business continuity through backup, restoration, and recovery planning appropriate to our stage, architecture, and service commitments.

8. Shared Responsibility

Security is a shared responsibility. Customers are responsible for:

  • managing authorized users;
  • protecting credentials;
  • enabling available security settings;
  • validating outputs and workflows;
  • assessing what data they choose to upload to the Service.

9. Contact

Security-related questions may be sent to: info@devaisuite.com