Security & Trust

Built Secure from the Ground Up.

Security is not a feature we add to our deployments — it is the foundation every engagement is built on. Here is exactly how we protect your data and your organisation.

01

Zero Data Exfiltration

Every AI agent we deploy runs entirely inside your own AWS or Azure cloud tenant. Your customer data, transaction records, and proprietary information never leave your perimeter — not during inference, not during fine-tuning, not ever. SupraCloud engineers access your environment only via time-limited, audited credentials agreed in advance.

02

Full Tenant Isolation

Each client deployment is a fully isolated environment. There is no shared compute, no shared model endpoints, and no shared storage between clients. Your agents run on dedicated infrastructure scoped exclusively to your organisation.

03

FCA / GDPR Compliance Architecture

Our agent architectures are designed from the ground up for regulated UK environments. Every decision made by an AI agent is logged with a full, immutable audit trail. Explainable AI outputs, human escalation paths, and confidence thresholds are built into every deployment — not added afterwards.

04

ISO 27001-Aligned Infrastructure

Our cloud architecture follows ISO 27001 controls. APIs are hardened to OWASP standards. All data at rest is encrypted with AES-256. All data in transit uses TLS 1.3. Access to production environments is governed by least-privilege IAM policies and reviewed quarterly.

05

NDA Before Discovery

We sign a mutual NDA before any technical discussion begins. No technical details, infrastructure information, or data samples are shared until the NDA is in place. This is a hard requirement, not an option.

06

Penetration Testing

SupraCloud engagements include a pre-deployment security review. For Platform-tier clients, third-party penetration testing of the deployed agent infrastructure is available as part of the engagement scope.

07

Responsible Disclosure

If you discover a security vulnerability in any SupraCloud system, please report it responsibly to security@supracloud.co.uk. We commit to acknowledging reports within 24 hours and resolving confirmed vulnerabilities within 30 days. We do not pursue legal action against good-faith security researchers.

Security enquiries

security@supracloud.co.uk