Security Measures
Effective as of the Effective Date of the Agreement.

This document forms an integral part of the Master Services Agreement concluded between UtopikAI (PLOMIUM SASU) and the Customer.

1. Roles of the Parties

UtopikAI maintains an information security program designed to safeguard its systems, services, and data, including Customer Data and Customer Personal Data.
UtopikAI commits to implementing reasonable and appropriate technical and organizational measures to protect against unauthorized access or accidental loss, alteration, disclosure, or destruction.
The Customer is responsible for assessing whether the security measures described herein meet its legal or contractual obligations.

2. Updates to Security Measures

These Security Measures are subject to change. UtopikAI may update them, provided such changes do not materially degrade the overall security of the Services provided to the Customer.

3. Description of Security Measures

A. Data Security

  • Hosting: Data is hosted on AWS (SOC2, ISO 27001, ISO 27018 certified).
  • Backups: Daily, automated, and encrypted.
  • Encryption at rest: AES-256.
  • Encryption in transit: TLS 1.2 or higher.
  • Data erasure: Upon customer request, unless subject to legal retention requirements (see DPA).
  • Physical security: Managed by AWS.
  • Ingestion control: Admins can configure specific access to folders, channels, or spaces.
  • Data segregation: Strict logical isolation by workspace.

B. Application Security

  • Code review: Threat modeling and security review included in all updates.
  • Credential management: Cryptographic keys assigned per-role based on the principle of least privilege.
  • Vulnerability & patch management: Continuous scanning; patches prioritized and applied based on severity.
  • Web Application Firewall (WAF): Active on all public endpoints.
  • Business continuity: Daily snapshots, database replication, automatic failover via AWS Aurora.

C. Security Profile

  • Data access: Restricted to employees for support purposes and only with explicit authorization.
  • Third-party dependencies: Listed in the Sub-Processors documentation.
  • Infrastructure: Hosted on AWS.

D. Employee Security & Access Control

  • Training: Mandatory at onboarding and refreshed annually.
  • Hiring: Background checks performed when permitted by local law.
  • Incident response: Documented procedure covering detection, containment, remediation, and postmortem.
  • Internal audits: Conducted regularly.
  • Authentication:
    • MFA required for all employees (via AWS).
    • Mandatory use of 1Password for password management.
  • Access control: Least privilege principle; periodic access reviews.
  • Logging & monitoring:
    • Logs ingested via AWS CloudWatch.
    • Retention: 15 days, no PII or sensitive data.
    • Access permitted for debugging only.
  • Testing: Local only; no access to production secrets.

E. Vulnerability Reporting

Vulnerabilities can be reported via email to: security@utopikai.com.
UtopikAI does not currently offer a formal bug bounty program. All submitted information must be provided unconditionally.

Ready to boost your productivity with AI?

Contact us today and discover how UtopikAI can transform the way you work.Automate your tasks, improve efficiency, and maintain full control over your data.

Start my free trial
ArrowArrow

AI that adapts to your business.Secure, efficient, and tailored to your needs, it transforms the way you work.

Useful Links
HomeProductivityPricingContact usTerms and Conditions
Solutions
Customer SupportMarketingOperationsSalesHuman ResourcesTech Teams
Copyright © UtopikAI 2024