ExBrain

SECURITY & COMPLIANCE

Security by design.

Ex.Brain is built for organizations that take security seriously. Our platform is architected from the ground up with security as a first-order requirement — not an afterthought. This page covers our security principles, encryption standards, compliance posture, and infrastructure.

Architecture validated against source code, May 2026. Security owned by Adam Sepehri, CTO and CISO, PhD in Computer Vision, MS in AI. Read the full technical security architecture →

PRINCIPLES

Security principles

Zero data training

Your data is never used to train AI models — not ours, not any third party's. Your knowledge stays exclusively yours.

AES-256 encryption at rest

All stored data is encrypted using AES-256. This applies to knowledge bases, documents, and all user-generated content.

TLS 1.3 in transit

All data in transit is encrypted with TLS 1.3. No unencrypted connections are accepted on any endpoint.

Role-based access control

Granular, permission-bounded access. Users see only what their role permits. Enforced at the architecture level, not the UI.

Immutable audit logs

Every sensitive action is logged in append-only, immutable logs. INSERT and SELECT only — UPDATE and DELETE are blocked at the database level.

Defense in depth

Multiple independent protections across every level: identity, authorization, infrastructure, encryption, audit, and operations.

COMPLIANCE

Compliance & certifications

We are committed to meeting the compliance requirements of our customers across regulated industries.

SOC 2 Type II

In progress

Audit in progress. Contact us for our current SOC 2 report.

ISO 27001

Roadmap

Planned for 2026. Built to ISO 27001 controls.

GDPR

Compliant

Data Processing Agreement available. Contact privacy@exbrain.ai.

CCPA

Compliant

California privacy rights honored. See our Privacy Policy.

HIPAA

Ready

Business Associate Agreements available for healthcare customers.

INFRASTRUCTURE

Infrastructure

Ex.Brain runs on enterprise-grade cloud infrastructure with redundancy, automated failover, and geographic distribution.

  • Primary infrastructure: Google Cloud Platform (GCP) with multi-region deployment
  • AI services: Microsoft Azure AI services with enterprise data residency commitments
  • Data isolation: Full tenant isolation — no shared data stores between organizations
  • Backups: Automated daily backups with point-in-time recovery and encrypted off-site storage
  • Uptime: 99.9% uptime SLA with real-time status monitoring

CONTACT

Security contact

For security questions, to request compliance documentation, or to report a vulnerability, contact our security team:

Security Team

Adam Sepehri, CTO & CISO

security@exbrain.ai

TECHNICAL DOCUMENTATION

Want the full security architecture?

Our security page covers defense in depth, permission-bounded AI retrieval, STRIDE threat modeling, and our complete control stack.