Safeguarding Your Innovation: Chemcopilot's Commitment to Security and Data Privacy

In today's fast-paced industrial landscape, innovation hinges on both efficiency and security. At Chemcopilot, we understand that our customers, especially those handling sensitive Bills of Materials (BOMs) and valuable intellectual property, require a platform they can trust. That's why we've built Chemcopilot with robust security and data privacy practices at its core. This blog post delves into the specific measures we've implemented to ensure your data remains protected.

Data Storage and Encryption: Your Data, Your Control

We exclusively utilize Amazon S3 and DynamoDB for data storage, leveraging the inherent security of the AWS cloud. Model training and operational data reside in Amazon S3, benefiting from AWS's default encryption. For those seeking an extra layer of protection, we offer optional enhanced encryption through AWS Key Management Service (KMS).

Data at rest within Amazon S3 is always encrypted, whether using AWS-managed keys or your own KMS keys. Data in transit is secured using HTTPS with TLS encryption, adhering to AWS best practices. Similarly, DynamoDB data in transit is encrypted with HTTPS/TLS, and it also provides built-in encryption at rest.

We empower you with control over your data. You retain exclusive access, and your data is stored encrypted until contract termination. Upon termination, we securely and permanently purge your data.

Granular AWS policies at the resource level ensure stringent access controls. AWS S3 bucket and DynamoDB table policies restrict access to data owners and their organizations. Your designated administration teams manage data access permissions.

To prevent sensitive data leaks through prompts and outputs, we employ HTTPS/TLS encryption for all transmissions. We don't persistently store prompts or outputs in our logging systems, minimizing exposure. Robust input and output validation guardrails add another layer of security.

Model Security: Integrity and Protection

We ensure AI model integrity through strict access control and KMS encryption. Data generated within models remains contained, preventing internet leakage. Our "Outside-In" data approach retrieves necessary data from the internet without sending anything back.

AI models are encrypted with PrometheusAGI-managed KMS keys to prevent tampering. We continuously monitor KMS key access using AWS CloudTrail and employ anomaly detection systems to track access patterns, triggering alerts for unusual behavior. Model updates and deployments are managed through a secure, customer-centric process utilizing AWS KMS keys.

Infrastructure and System Security: A Multi-Layered Approach

We utilize AWS Cognito for external user registration, sign-in, and access control, while internal users are managed through AWS IAM and Google Workspace logins. Strong password policies and MFA are enforced.

API keys and credentials are handled securely through environment isolation, minimalpermissions, and periodic rotation. Our development and production environments are isolatedin separate AWS accounts and VPC networks.

Network security is paramount. We deploy our AI tool within a secure AWS VPC, using AWSNetwork Firewall and CloudTrail to protect network traffic. Internal communication uses secure VPC networks, and external communication uses HTTPS/TLS and appropriate API keys.

We ensure software security by relying on AWS's infrastructure maintenance and promptly updating application-level dependencies. AWS CloudTrail and CloudWatch monitor for vulnerabilities, and we follow secure coding practices based on OWASP guidelines.

Comprehensive logging and monitoring via AWS CloudWatch, along with security event analysis and secure log storage, provide continuous oversight.

Product/Application Security: Best Practices and Future Audits

AWS Cognito handles customer authentication with strong password policies and MFA. Individual AWS KMS keys encrypt each customer's sensitive data. We isolate development and production environments and enforce minimal permissions.

While we plan for future security audits and certifications, our current incident response plans are documented and utilize AWS CloudTrail and CloudWatch for detection and isolation.

At Chemcopilot, we're dedicated to building trust through transparency and robust security practices. We understand the importance of safeguarding your valuable data and intellectual property, and we're committed to continuously enhancing our security measures.