Data inventory
Identify the representative files, owner, sensitivity, format, storage location, and whether any material is restricted from use.
This page describes our current operating approach. Project-specific controls belong in the written scope because data, hardware, providers, and risk differ by engagement.
Identify the representative files, owner, sensitivity, format, storage location, and whether any material is restricted from use.
Use the least access required for the agreed workflow. Production-wide credentials are not a default pilot requirement.
Document any managed model, storage, analytics, or hosting provider before it receives project data.
When data cannot leave the environment, model, storage, and evaluation can be designed for controlled local hardware where feasible.
Passwords, API keys, recovery codes, and private tokens do not belong in public forms, repositories, screenshots, or project notes.
Code changes, versions, configuration, and release notes are kept reviewable. Client secrets and private records are excluded from public source.
AI output that affects operations needs an agreed review or escalation path. Unsupported answers should not be presented as facts.
Project storage, deletion, return, and continuing access are defined in the proposal or project agreement, not assumed.
Forms use limited fields, bot controls, server-side validation, and a private company record for follow-up. Do not submit restricted data.
The workspace is not indexed or linked as an open signup. Access is enforced through Cloudflare Access for approved company users.
The production site uses HTTPS, a restrictive content security policy, frame restrictions, content-type controls, and limited browser permissions.
Report a site or project security concern to sohagan.dev@aiembeddedsystems.com. Do not include exploit code or sensitive records in the first email.