Security & Compliance

Information Security Policy

Last updated: April 2026

AI Survivors takes information security seriously. We apply the same measures we advise our clients — no exceptions for internal use.

Infrastructure

All production systems run on servers within the European Union:

  • Server hosting: Strato (Germany)
  • Cloud storage and backups: Microsoft Azure West-Europe
  • DNS and DDoS protection: Cloudflare (EU data centres)

Encryption

Layer        Measure
In transit   TLS 1.3 for all connections
At rest      AES-256 for stored data
Backups      Encrypted (AES-256-CBC) for transfer and storage

Access Control

  • Cluster access exclusively via VPN (WireGuard)
  • MFA required for all production environments
  • Least-privilege principle: each service has only the permissions it needs
  • Automatic mounting of Kubernetes service-account tokens into pods is disabled

Secrets Management

All secrets (API keys, passwords, certificates) are managed via Azure Key Vault. No hardcoded secrets in code or configuration files. Secrets are automatically synchronised via the External Secrets Operator.
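As an added illustration of the two Kubernetes measures above (token automount disabled, secrets synchronised from Azure Key Vault by the External Secrets Operator rather than hardcoded), here is an example set of manifests. This is example configuration written for this page, not AI Survivors' own manifests; the namespace, resource names, Key Vault URL and secret key names are placeholders, and the use of the Operator's Azure workload-identity auth mode is an assumption.

```yaml
# Example manifests (not the organisation's own). Placeholders: namespace "app",
# vault URL, and secret names. Assumes External Secrets Operator is installed
# and an Azure workload identity is bound to the "eso-sync" service account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app
  namespace: app
# Access-control measure: the pod gets no API token unless it explicitly needs one.
automountServiceAccountToken: false
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: azure-kv
  namespace: app
spec:
  provider:
    azurekv:
      authType: WorkloadIdentity          # assumption: workload identity, no client secret in-cluster
      vaultUrl: "https://PLACEHOLDER-VAULT.vault.azure.net"
      serviceAccountRef:
        name: eso-sync
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-db
  namespace: app
spec:
  refreshInterval: 1h                    # re-sync so rotations in Key Vault propagate
  secretStoreRef:
    name: azure-kv
    kind: SecretStore
  target:
    name: app-db                         # the Kubernetes Secret the Operator creates and owns
    creationPolicy: Owner
  data:
    - secretKey: DATABASE_URL
      remoteRef:
        key: app-database-url            # placeholder Key Vault secret name
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: app
spec:
  replicas: 1
  selector:
    matchLabels: { app: app }
  template:
    metadata:
      labels: { app: app }
    spec:
      serviceAccountName: app
      automountServiceAccountToken: false  # also set at pod level; pod-level wins if the two differ
      containers:
        - name: app
          image: PLACEHOLDER/app:latest
          envFrom:
            - secretRef:
                name: app-db             # value arrives via the Operator, never via the repo
```

A quick check that the measures actually hold: `kubectl exec` into the pod and confirm `/var/run/secrets/kubernetes.io/serviceaccount/token` is absent, and confirm the `app-db` Secret carries the Operator's ownership metadata rather than being committed anywhere in the repository (Gitleaks, listed below under release testing, is the natural place to enforce the latter).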

Monitoring & Detection

  • Prometheus + Grafana: infrastructure monitoring (CPU, memory, network, storage)
  • Sentry: application error monitoring (self-hosted within the EU)
  • Alertmanager: real-time Slack alerts for critical events
  • Loki: centralised log storage for all services

Backups

  • Daily encrypted backups of all PostgreSQL databases to Azure Blob Storage (EU)
  • Monthly automated restore test to verify integrity
  • etcd backups (Kubernetes cluster state) daily, verified monthly
  • Retention: 30 days

Security Testing on Every Release

Measure                            Tool
SAST (static code analysis)        Semgrep
Secret scanning                    Gitleaks
DAST (dynamic scan)                OWASP ZAP
Network vulnerability scan         Nuclei (monthly)
Container vulnerability scan       Trivy + SBOM
Kubernetes hardening check         kube-bench (CIS Benchmarks, weekly)

Incident Response

In the event of a security incident:

  1. Detection and isolation within 1 hour
  2. Assessment of severity and scope
  3. Notification of data subjects and supervisory authority where GDPR requires it (within 72 hours)
  4. Recovery and root-cause analysis
  5. Documentation and improvements

Reporting Vulnerabilities

Found a vulnerability? See our Responsible Disclosure page for how to report it and what to expect.

Scope

This policy applies to all systems, staff and processors of AI Survivors involved in processing client data and business information.