Data Security

Last Updated: May 2025

At Unarvu AI, security is not an afterthought — it is embedded into every layer of our architecture, from edge hardware to cloud infrastructure. This document outlines our technical and organizational security measures.

1. Infrastructure Security

Our systems are hosted on Malaysia-based infrastructure with the following security controls:

• Network segmentation and VLAN isolation for production environments
• Firewalls with deny-by-default rules and restricted port access
• Regular vulnerability scanning and penetration testing
• DDoS protection and traffic anomaly detection
• 24/7 infrastructure monitoring with automated alerting

2. Data Encryption

We employ encryption at rest and in transit:

• In Transit: All data transmission uses TLS 1.3 with strong cipher suites
• At Rest: Databases and file storage use AES-256 encryption
• Key Management: Encryption keys are stored in hardware security modules (HSM) or equivalent secure key stores

3. Access Control

Access to customer data and production systems is strictly controlled:

• Role-based access control (RBAC) with principle of least privilege
• Multi-factor authentication (MFA) required for all administrative access
• Unique user accounts — no shared credentials
• Regular access reviews and automatic deprovisioning upon role change
• IP whitelisting for critical administrative interfaces

4. Edge Security

Our edge AI deployments incorporate dedicated security measures:

• On-Device Processing: Sensitive video and operational data is processed locally. Only metadata, alerts, and aggregated insights are transmitted to the cloud
• Encrypted Communication: Edge-to-cloud communication uses TLS 1.3 with certificate pinning
• Secure Boot: Edge devices verify boot chain integrity before loading firmware
• Unique Credentials: Each edge device has cryptographically generated unique credentials. No default passwords
• Physical Tamper Detection: Hardware enclosures with tamper-evident seals where applicable

5. AI Model Security

We protect our AI models and their outputs with specialized controls:

• Model Weights Protection: Trained model weights are encrypted at rest. Access restricted to authorized engineers only
• Cryptographic Signing: All model deployments are cryptographically signed. Edge devices verify signatures before loading models
• Adversarial Defense: Input validation, rate limiting, and anomaly monitoring on inference APIs to detect and block adversarial inputs
• Model Provenance: Complete chain of custody for all model versions — who trained, on what data, with what parameters

6. Audit Logging

We maintain comprehensive audit logs across all systems:

• Model Training Logs: Who initiated training runs, what data was used, parameters, timestamps, and outcomes
• Inference API Logs: API call timestamps, source IP, request volume, response times, and error rates
• Data Access Logs: Who accessed what customer data, when, from where, and for what purpose
• Retention: Audit logs retained for 12 months in tamper-evident storage with integrity verification

7. Incident Response

We maintain a documented incident response plan:

• 24/7 security monitoring with automated threat detection
• Defined escalation procedures and response team roles
• Customer notification within 72 hours of confirmed security incidents affecting their data
• Post-incident reviews and corrective action tracking

8. Business Continuity

We implement measures to ensure service availability and data resilience:

• Automated daily backups with encrypted off-site storage
• Disaster recovery plans with defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
• Redundant infrastructure for critical services
• Annual disaster recovery drills and plan updates

9. Third-Party Security

We vet all third-party service providers for security compliance:

• Security assessments before onboarding new vendors
• Data Processing Agreements (DPAs) with all data processors
• Annual security reviews of critical vendors
• No unauthorized subprocessors without customer notification

10. ISO 27001 Certification

Unarvu AI operates under the Information Security Management System (ISMS) of Cre8IOT Sdn. Bhd., which is ISO 27001 certified. This certification covers:

• Risk assessment and treatment methodology
• Information security policies and procedures
• Asset management and classification
• Human resource security and awareness training
• Physical and environmental security
• Operations security and change management

11. Security Reporting

If you discover a security vulnerability or incident related to Unarvu AI services, please report it immediately to:

Email: hello@unarvu.ai
Subject: Security Incident Report

We are committed to responsible disclosure and will acknowledge receipt within 24 hours and provide a preliminary assessment within 72 hours.