Security Overview

As a cybersecurity partner, Veraty takes data and cybersecurity very seriously.

This page provides a security overview of our product and its key features. We are committed to ensuring the security and privacy of our users' data, and are proud to honestly reflect our cybersecurity position below.

We follow world-class frameworks

Veraty prides itself on being a privacy- and security-first organisation. Accordingly, Veraty follows 4 sets of relevant frameworks for data and cyber security:

  1. General Data Protection Regulation (GDPR): Veraty adheres to the GDPR (as applicable to the UK). Because the GDPR is one of the strictest data protection regimes in the world, Veraty applies the GDPR framework to its interactions with all its customers, irrespective of region.

  2. Center for Internet Security Critical Security Controls (CIS18): Veraty adheres to the CIS18 cybersecurity framework in relation to its internal cybersecurity program. This protects Veraty from most cyber-attack vectors and pathways.

  3. ISO27001: Veraty adheres to the ISO27001 framework in relation to its Information Security Management System (ISMS). All internal policies and procedures related to information security are drafted to the ISO27001 standard. Veraty is moving towards having its ISMS certified to the ISO27001 standard, with completion expected in 2025.

  4. EU AI Act: Veraty adheres to the EU AI Act, the world's first regulation on artificial intelligence.

We maintain strong technical and organisational measures

In accordance with the GDPR, we maintain strong technical and organisational measures, commensurate with our risk. These include (but are not limited to):

  • Encryption: in transit and at rest (TLS v1.3 and AES-256)

  • MFA: enforced through our Identity Provider (IdP)

  • RBAC: to ensure that employees and workers only get access to information that is required to deliver their role

  • Vulnerability Management: auto-installation of security updates in response to discovered vulnerabilities

  • Anti-malware: anti-malware on our employees' devices which is auto-updated to protect their devices from compromise

  • Private-by-design: we ensure that you control the management of data within our platform so you can maintain the privacy of your information as needed

  • 3rd party management: we maintain strong contractual protections and appropriate safeguards with any 3rd party that is necessary to provide our services to you

We don't train models on your personal information

We don't train any models on your personal data, ever. Where we access an API endpoint from an LLM to provide our services to you, we establish contractual protections with the LLM provider to ensure they do not train their LLM on any of your personal data. We can host models on our own servers upon request. You may also request to have your personal data deleted at any time, in accordance with our Privacy Policy.

We are private- and secure-by-design

While Veraty is still in development, we are building Veraty with our customers first. This means building a private- and secure-by-design platform, supported by the lawyers, security engineers, and cyber experts that work with us through Veraty.

As a user, you can exercise your privacy rights at any time. Please see our Privacy Policy for more information.

Otherwise, if you have any questions, please don't hesitate to contact us at: hello@veraty.ai.