How we protect data, infrastructure, and communications.
All traffic is encrypted with TLS 1.3. Data at rest uses AES-256 encryption. Credentials are encrypted with Fernet (symmetric). API keys are never logged or stored in plaintext.
TLS 1.3, AES-256
Containerized services with isolated networks. Least-privilege access control. Automated security patching. Regular system health diagnostics every 15 minutes.
Docker, Isolated
Continuous system health checks. Automated incident detection and escalation. Trust database with replay tests for recurrence prevention. Production mutation gate on all writes.
24/7, Replay Tests
Multi-factor authentication on all administrative access. Encrypted credential vault with automatic rotation where supported. Session-based access with automatic expiry.
MFA, Vault
We take security seriously. If you discover a vulnerability, please report it responsibly:
Email: contact@sovael.ai — include "Security" in the subject line.
Response time: We aim to acknowledge reports within 48 hours and provide an initial assessment within 5 business days.
Safe Harbor: We will not pursue legal action against researchers who report vulnerabilities in good faith, provided they avoid data destruction, service interruption, and privacy violations during testing.
Do Not: Publicly disclose vulnerabilities before we've had reasonable time to address them.