Cloud Platform Security

  • Self-hosted workers – Your credentials and internal tool access stay within your environment using our self-hosted proxy service.
  • Data encryption – All data, whether at rest or in transit, is encrypted using robust security protocols.
  • Enterprise-grade security – Our platform follows best practices, including multi-factor authentication (MFA), continuous vulnerability scanning, penetration testing, and strong network security measures like firewalls.
  • Compliance & reporting – We uphold strict security compliance standards. Reach out for more details on our compliance framework.

AI & Large Language Models (LLMs)

Deployment

  • We work only with trusted vendors that guarantee no data usage for model training.
  • For enterprises, we offer dedicated AI instances and private model deployments.

Training & Data Handling

  • We do not fine-tune or train LLMs on customer data.
  • Our platform operates on principles of chaos minimisation, leveraging context from structured sources instead of depending on LLMs:

Tool & Data Access Controls

  • Isolated AI & backend services – The AI agent can request data but cannot execute actions directly. All execution requests pass through a backend review for correctness & safety.
  • Strict workspace-level isolation
    • Each workspace has a unique agent, restricted to its own data and tools.
    • Data is accessed only on a need-to-know basis with proper authentication.

PII Protection

  • Automated Data Scrubbing: Our investigation tools automatically detect and redact personally identifiable information (PII) from system outputs before processing or storage. This includes:
    • Email addresses → [EMAIL_REDACTED]
    • Phone numbers → [PHONE_REDACTED]
    • IP addresses → [IP_REDACTED]
    • API keys and tokens → [API_KEY_REDACTED]
    • Credit card numbers → [CC_REDACTED]
  • Real-time Processing: PII scrubbing occurs immediately after data collection from connected systems (logs, metrics, databases) and before any AI analysis or data persistence, ensuring sensitive information never enters our processing pipeline or AI engine.
  • Comprehensive Coverage: The scrubbing system recursively processes all data structures (nested objects, arrays, strings) to ensure no PII is inadvertently exposed in investigation results or stored context.
This automated protection helps maintain compliance with privacy regulations while preserving the technical context needed for effective incident resolution.
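
To make the recursive scrubbing described above concrete, here is an added sketch that is not DrDroid's implementation: it walks nested dicts, lists and tuples and substitutes the placeholder tokens listed above. The regular expressions, the Luhn and octet checks, the helper names and the sample event are all assumptions of this example.

```python
import re

def _luhn_ok(digits):  # Luhn checksum: filters digit runs that are not card numbers
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _card(m):
    digits = re.sub(r"\D", "", m.group())
    return "[CC_REDACTED]" if _luhn_ok(digits) else m.group()

def _ip(m):  # redact only dotted quads whose octets are all in range
    valid = all(int(octet) <= 255 for octet in m.group().split("."))
    return "[IP_REDACTED]" if valid else m.group()

# Assumed patterns, kept simple on purpose. Order matters: specific formats first.
RULES = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), lambda m: "[EMAIL_REDACTED]"),
    (re.compile(r"\b(bearer\s+|api[_-]?key\s*[=:]\s*)[\w.-]{16,}", re.I),
     lambda m: m.group(1) + "[API_KEY_REDACTED]"),
    (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), _card),
    (re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"), _ip),
    (re.compile(r"(?<![\w.])\+\d[\d ()-]{7,14}\d\b"), lambda m: "[PHONE_REDACTED]"),
]

def scrub(value):
    """Recursively redact strings nested in dicts, lists and tuples."""
    if isinstance(value, str):
        for pattern, replace in RULES:
            value = pattern.sub(replace, value)
        return value
    if isinstance(value, dict):
        return {key: scrub(item) for key, item in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(item) for item in value)
    return value  # numbers, booleans and None pass through unchanged

SAMPLE = {  # constructed input, not real data
    "service": "checkout",
    "logs": [
        "login failed for alice@example.com from 203.0.113.7",
        "callback +1 415-555-0100, card 4111 1111 1111 1111, order 1234 5678 9012 3456",
        "Authorization: Bearer abcdefghijklmnop0123456789",
    ],
    "meta": {"build": "10.2.300.4", "retries": 3},
}
```

Calling scrub(SAMPLE) leaves the order number and the build string untouched, because they fail the Luhn and octet checks; dictionary keys are not scrubbed in this sketch.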

Compliance & Certifications

DrDroid is certified for:
  • SOC-2
  • ISO 27001
For more details, visit our Trust Center.