Security is foundational to everything we build at ReBi AI. Our enterprise clients entrust us with sensitive data and critical business processes. This page describes our security posture, the controls we apply, and how to report a vulnerability responsibly.
Our Security Principles
Encryption Everywhere
All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.
Least Privilege Access
Role-based access controls (RBAC) are enforced across all platforms. Access is granted on a need-to-know basis and reviewed regularly.
Compliance Frameworks
Our platform and delivery practices are designed to support SOC 2 Type II, ISO 27001, GDPR, HIPAA, and CCPA compliance requirements.
Continuous Monitoring
We operate 24/7 threat monitoring, anomaly detection, and automated alerting across our infrastructure and client deployments.
Platform Security Controls
Security is built into every layer of the ReBi AI platform stack:
- Authentication — Multi-factor authentication (MFA) enforced for all platform access. Support for SAML 2.0 and OpenID Connect (OIDC) for enterprise SSO integration.
- Authorisation — Fine-grained RBAC with attribute-based policy enforcement. Audit logs capture all access and data operations.
- PII Protection — The ReBi AI Gateway includes automated PII detection and redaction before data reaches any LLM endpoint.
- Data Isolation — Multi-tenant deployments enforce strict logical data isolation. Dedicated single-tenant deployments are available for clients with heightened requirements.
- Audit Trails — Immutable, tamper-evident audit logs for all platform actions, retainable for client-defined periods.
- Penetration Testing — We conduct regular third-party penetration tests and share executive summaries with enterprise clients under NDA upon request.
- Vulnerability Management — Dependencies are continuously scanned for CVEs. Critical patches are applied within 24 hours of release.
- Incident Response — A documented incident response plan covers detection, containment, eradication, recovery, and post-incident review. Enterprise clients are notified of any security incident affecting their data within 72 hours.
Infrastructure Security
ReBi AI's infrastructure runs on leading cloud providers (AWS, Azure, GCP) and benefits from their underlying physical and network security certifications. We apply additional controls including:
- Network segmentation and private VPC configurations
- Web Application Firewall (WAF) and DDoS mitigation at the edge
- Infrastructure-as-code with automated security policy enforcement
- Secrets management via dedicated vaulting solutions (no hardcoded credentials)
- Immutable infrastructure patterns to minimise persistent attack surface
Employee Security
- Background checks conducted for all employees with access to client data
- Mandatory security awareness training upon onboarding and annually thereafter
- Endpoint security (MDM, disk encryption, EDR) on all company devices
- Strict clean-desk and data-handling policies
Responsible Disclosure
If you believe you have discovered a security vulnerability in our website or platforms, we encourage responsible disclosure. Please email a description of the issue — including steps to reproduce, potential impact, and any supporting evidence — to business@rebiai.tech with the subject line "Security Disclosure." We will acknowledge your report within 2 business days, investigate promptly, and keep you informed of our findings. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to remediate it.
Requesting a Security Review
Enterprise clients and prospects conducting vendor security assessments may request our security documentation package — including our SOC 2 report summary, penetration test executive summary, and completed security questionnaire — by contacting business@rebiai.tech. Documentation is shared under NDA.
Contact
For security enquiries, responsible disclosure, or compliance documentation requests:
ReBi AI — Security Team
Email: business@rebiai.tech