Security Policy

Last updated: January 19, 2026 | Version 1.0

Security Overview

At SISSONGO INC., security is fundamental to our operations. We implement comprehensive security measures to protect your data and ensure the integrity of our AI-powered intelligence platform. Our security practices align with industry standards and regulatory requirements including the EU AI Act, GDPR, UK GDPR, and applicable US regulations.

Certifications & Compliance

SOC 2 Type II

Annual audit of security, availability, and confidentiality controls.

ISO 27001

Information security management system certification.

GDPR Compliant

Full compliance with EU General Data Protection Regulation.

EU AI Act Ready

Compliance with EU Artificial Intelligence Act requirements.

Data Encryption

Encryption in Transit

  • TLS 1.3 for all data transmissions
  • HTTPS enforced across all endpoints
  • Certificate pinning for mobile applications
  • Perfect Forward Secrecy (PFS) enabled

Encryption at Rest

  • AES-256 encryption for all stored data
  • Hardware Security Modules (HSM) for key management
  • Encrypted database backups
  • Secure key rotation policies

Infrastructure Security

Network Security

  • Web Application Firewall (WAF)
  • DDoS protection and mitigation
  • Network segmentation and isolation
  • Intrusion detection and prevention

Application Security

  • Regular security code reviews
  • Static and dynamic application security testing
  • Dependency vulnerability scanning
  • Container security scanning

Access Control

Authentication

  • Multi-factor authentication (MFA) available and recommended
  • Single Sign-On (SSO) integration via SAML 2.0 and OIDC
  • Strong password requirements enforced
  • Session management with automatic timeout
  • Account lockout after failed login attempts

Authorization

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • API key management with scoped permissions

AI System Security (EU AI Act Compliance)

Our AI systems are designed with security and transparency as core principles, in compliance with the EU AI Act:

  • Human Oversight: All AI-generated intelligence is subject to human review before critical decisions
  • Data Quality: Training data undergoes quality checks and bias assessment
  • Transparency: AI system capabilities and limitations are clearly documented
  • Audit Logging: All AI system operations are logged for accountability
  • Risk Assessment: Regular assessment of AI system risks and mitigation measures
  • Technical Documentation: Comprehensive documentation maintained for regulatory compliance

Incident Response

We maintain a comprehensive incident response program that includes:

  • 24/7 security monitoring and alerting
  • Documented incident response procedures
  • Regular incident response training and drills
  • Notification within 72 hours for GDPR-applicable breaches
  • Post-incident reviews and remediation

Report Security Issues

If you discover a security vulnerability, please report it responsibly to: security@sissongo.com

Data Protection Measures

Backups

Encrypted daily backups with geographic redundancy and tested recovery procedures.

Data Centers

Tier III+ data centers with physical security, biometric access, and 24/7 monitoring.

Data Retention

Automated data retention policies with secure deletion procedures.

Employee Security

  • Background checks for all employees with data access
  • Security awareness training program
  • Confidentiality agreements and security policies
  • Principle of least privilege for system access
  • Regular security training and phishing simulations

Security Contacts

Security Team: security@sissongo.com

Data Protection Officer: dpo@sissongo.com

Vulnerability Reports: security@sissongo.com

For urgent security matters, please include "URGENT" in your email subject line.