SOZIN TECHNOLOGIES LIMITED SECURITY POLICY

Last Updated: July 26, 2025
Effective Date: July 26, 2025

1. Introduction

At Sozin Technologies Limited, we take the security of our AI chat platform and your data seriously. This Security Policy outlines the measures we have implemented to protect your information and to maintain the integrity, confidentiality, and availability of our services, including our Sozin AI chat product. Our commitment to security is fundamental to everything we do.

2. Data Protection and Encryption

Data Encryption:

  • All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.3 encryption protocols
  • Data at rest is encrypted using AES-256 encryption standards
  • Database connections are encrypted and secured using industry best practices
  • API communications are secured with HTTPS and proper authentication mechanisms

Data Storage:

  • User data is stored in secure, SOC 2 compliant data centers
  • We implement strict data access controls and monitoring
  • Regular backups are performed with encrypted storage
  • Data retention policies are enforced to minimize data exposure

3. Authentication and Access Control

User Authentication:

  • Secure authentication mechanisms using industry-standard protocols
  • Multi-factor authentication options for enhanced account security
  • Secure session management with automatic timeout features
  • Password policies enforcing strong password requirements

Access Control:

  • Role-based access control (RBAC) for internal systems
  • Principle of least privilege applied to all access permissions
  • Regular access reviews and permission audits
  • Secure API authentication and authorization

4. Infrastructure Security

Network Security:

  • Firewalls and intrusion detection systems protect our infrastructure
  • Regular security assessments and penetration testing
  • DDoS protection and traffic monitoring
  • Secure network architecture with segmentation

Application Security:

  • Secure coding practices and regular code reviews
  • Automated security testing in our CI/CD pipeline
  • Regular vulnerability assessments and remediation
  • Input validation and output encoding to prevent injection attacks

5. AI Model Security

Model Protection:

  • Secure deployment and isolation of AI models
  • Input sanitization and validation for AI interactions
  • Rate limiting and abuse detection for AI services
  • Monitoring for prompt injection and other AI-specific attacks

Data Privacy in AI:

  • We do not use your personal conversations to train AI models without explicit consent
  • Data minimization principles applied to AI processing
  • Secure handling of prompts and responses
  • Compliance with AI ethics and privacy standards

6. Third-Party Security

Vendor Management:

  • Thorough security assessments of all third-party providers
  • Contractual security requirements for vendors
  • Regular monitoring of third-party security posture
  • Data processing agreements with strict security provisions

Third-Party Services:

  • OpenAI, Anthropic, and OpenRouter: Secure API communications with industry-leading AI providers
  • Vercel: Secure hosting with enterprise-grade infrastructure
  • Stripe: PCI DSS compliant payment processing
  • Convex: Secure database services with encryption and access controls

7. Incident Response

Security Incident Management:

  • 24/7 security monitoring and alerting systems
  • Established incident response procedures and team
  • Rapid containment and remediation processes
  • Post-incident analysis and improvement measures

Breach Notification:

  • Prompt notification to affected users in case of security incidents
  • Compliance with applicable data breach notification laws
  • Transparent communication about incident details and remediation steps
  • Coordination with law enforcement when appropriate

8. Compliance and Certifications

Regulatory Compliance:

  • GDPR compliance for European users
  • CCPA compliance for California residents
  • SOC 2 Type II compliance for security controls
  • Regular compliance audits and assessments

Security Standards:

  • Implementation of ISO 27001 security management principles
  • NIST Cybersecurity Framework alignment
  • OWASP Top 10 vulnerability mitigation
  • Industry best practices for cloud security

9. Employee Security

Personnel Security:

  • Background checks for employees with access to sensitive systems
  • Regular security training and awareness programs
  • Secure development lifecycle training for engineering teams
  • Clear security policies and procedures

Access Management:

  • Strict access controls for internal systems
  • Regular access reviews and deprovisioning procedures
  • Secure remote work policies and controls
  • Confidentiality agreements and security obligations

10. Vulnerability Management

Vulnerability Assessment:

  • Regular vulnerability scans and assessments
  • Automated dependency scanning for security vulnerabilities
  • Third-party penetration testing
  • Bug bounty program for responsible disclosure

Patch Management:

  • Timely application of security patches and updates
  • Emergency patching procedures for critical vulnerabilities
  • Regular system maintenance and updates
  • Version control and change management processes

11. Physical Security

Data Center Security:

  • Physical access controls at data center facilities
  • 24/7 surveillance and monitoring
  • Environmental controls and redundancy systems
  • Secure destruction of hardware and media

12. Business Continuity

Disaster Recovery:

  • Comprehensive backup and recovery procedures
  • Regular testing of disaster recovery plans
  • Geographic redundancy for critical systems
  • Business continuity planning and procedures

13. Reporting Security Issues

We encourage responsible disclosure of security vulnerabilities. If you discover a security issue, please contact us immediately at:

  • Email: security@sozin.ai
  • Response Time: We aim to acknowledge security reports within 24 hours
  • Investigation: All reports are thoroughly investigated by our security team

Bug Bounty Program:

  • We maintain a responsible disclosure program
  • Security researchers are acknowledged for valid findings
  • Legal safe harbor for good faith security research
  • Coordinated disclosure timeline for vulnerability remediation

14. Security Updates

This Security Policy is reviewed and updated regularly to reflect changes in our security practices, technology, and regulatory requirements. We will notify users of material changes to this policy through our website and other appropriate channels.

15. Contact Information

For questions about this Security Policy or our security practices, please contact us at:

  • Security Team: security@sozin.ai
  • Privacy Officer: privacy@sozin.ai
  • General Contact: support@sozin.ai

We are committed to maintaining the highest standards of security and privacy for our users. Thank you for trusting Sozin Technologies Limited with your AI chat experiences.