AI Security Policy + Practices

Why should your company be comfortable with using Masset’s AI?

  • 1st-Party Infrastructure: Your data remains secure within our AWS and Google-powered infrastructure. We don't transfer your data to 3rd-party services outside of our own infrastructure; everything is managed internally to minimize exposure risks. Both providers are bound to honor the privacy of Masset data as defined in their Privacy Policies and EULAs.
  • Privacy Controls: Our AI respects your existing privacy controls. If a user lacks access to a specific file, the AI won't be provided with that restricted information, ensuring that sensitive information is protected.
  • Sourced and Cited: Masset AI is required to cite and source its answers, so you always know where they come from.
  • No Training: Masset does not use your data to train its AI. You can rest assured that your data is not being baked into models.
  • SSO Integration: We support Single Sign-On (SSO) for streamlined and secure access management, reducing the risk of unauthorized access.
  • SOC 2 Certification (Coming Soon): We adhere to SOC 2 standards, ensuring stringent security and privacy practices to safeguard your data.
  • Transparent Sub-Processor List: We maintain a clear and accessible list of our sub-processors, promoting transparency and accountability in our operations.
  • Data Encryption: Both data at rest and in transit are encrypted to protect against unauthorized access, preserving confidentiality and integrity.
  • Access Controls: Role-based access controls (RBAC) manage user permissions and restrict access to sensitive data and AI models, preventing unauthorized access and potential breaches.
  • Audit Logs: We maintain detailed logs of key AI activities and user interactions for transparency and accountability, enabling traceability and ensuring compliance.
  • Regular Security Assessments: We conduct periodic security assessments, including vulnerability scanning and penetration testing, to proactively identify and address potential risks, safeguarding your data and systems.
  • Incident Response Plan: We have a well-defined incident response plan in place to quickly and effectively address any security breaches or incidents, minimizing potential damage and ensuring business continuity.
  • Employee Training: We provide regular security awareness training to employees to educate them about best practices and potential threats, fostering a security-conscious culture and reducing the risk of human error.
  • Data Anonymization and Masking: We ensure that personally identifiable information (PII) is anonymized or masked when processed by AI, which is especially critical for compliance with regulations like GDPR or CCPA and protects user privacy.
  • Compliance with Data Sovereignty Laws: Masset handles data sovereignty responsibly, ensuring that data storage and processing align with local laws and regulations based on geographical location, upholding legal requirements and data privacy standards.
  • AI Model Explainability: We implement mechanisms for AI explainability or transparency to help users understand AI decisions, especially in industries where explainable AI is critical (e.g., healthcare, finance), fostering trust and accountability.
  • Automated Threat Detection: We utilize threat detection systems to proactively identify suspicious activities or potential data breaches within the infrastructure, enhancing security and enabling rapid response to threats.
  • Backup and Disaster Recovery Plans: We prioritize business continuity by maintaining a secure, reliable backup system and disaster recovery strategy to ensure data availability and minimize downtime in case of emergencies.
  • Third-Party Audits: We incorporate regular third-party security audits or certifications to provide an extra layer of trust and validation for customers concerned with security, demonstrating our commitment to maintaining high security standards.