AI Embedded Systems
Updated July 12, 2026

Security starts with a smaller, explicit data path.

This page describes our current operating approach. Project-specific controls belong in the written scope because data, hardware, providers, and risk differ by engagement.

Project controls

Decisions made before client data moves.

Data inventory

Identify the representative files, owner, sensitivity, format, storage location, and whether any material is restricted from use.

Access boundary

Use the least access required for the agreed workflow. Production-wide credentials are not a default pilot requirement.

Provider boundary

Document any managed model, storage, analytics, or hosting provider before it receives project data.

Local path

When data cannot leave the environment, model, storage, and evaluation can be designed for controlled local hardware where feasible.

Operating practices

Reviewable work, not invisible automation.

Secrets

Passwords, API keys, recovery codes, and private tokens do not belong in public forms, repositories, screenshots, or project notes.

Source control

Code changes, versions, configuration, and release notes are kept reviewable. Client secrets and private records are excluded from public source.

Human review

AI output that affects operations needs an agreed review or escalation path. Unsupported answers should not be presented as facts.

Retention and handoff

Project storage, deletion, return, and continuing access are defined in the proposal or project agreement, not assumed.

Current website

Public and private routes are separated.

Public inquiries

Forms use limited fields, bot controls, server-side validation, and a private company record for follow-up. Do not submit restricted data.

Company workspace

The workspace is not indexed or linked as an open signup. Access is enforced through Cloudflare Access for approved company users.

Browser security

The production site uses HTTPS, a restrictive content security policy, frame restrictions, content-type controls, and limited browser permissions.