// Security & Trust
Built for the most demanding enterprise environments.
Derteano operates production AI for logistics, identity and government-adjacent workloads across four continents. Security isn't a feature — it's the foundation.
Zero-trust by default
Every request is authenticated, authorized and audited. No implicit network trust. mTLS between services.
Data residency
Customer data stays in the region you choose: us-east, eu-central, me-south (DIFC) or ap-southeast.
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit. Customer-managed keys (BYOK) on enterprise plans.
Least-privilege access
Just-in-time access, hardware-backed MFA for all engineers, full audit log retained 13 months.
// Compliance
Frameworks & certifications
Standard
SOC 2 Type II
In progress · Q3 2026
Standard
ISO 27001
Targeting 2026
Standard
GDPR
Compliant · EU
Standard
LGPD
Compliant · Brasil
Standard
DIFC Data Protection
Compliant · UAE
Standard
HIPAA
On request
// Controls
Operational controls
Identity
- ✓SSO/SAML
- ✓SCIM provisioning
- ✓MFA enforced
- ✓Session policies
Network
- ✓Private VPC peering
- ✓IP allow-listing
- ✓DDoS protection
- ✓WAF
Data
- ✓BYOK / KMS
- ✓Field-level encryption
- ✓PII redaction
- ✓13-mo audit logs
AI safety
- ✓Prompt-injection guards
- ✓Output policy filters
- ✓Red-team playbooks
- ✓Provenance on every answer
Operations
- ✓99.99% uptime SLA
- ✓24/7 on-call
- ✓Multi-region failover
- ✓Quarterly DR drills
Vendor
- ✓Sub-processor registry
- ✓Continuous monitoring
- ✓Annual pen-tests
- ✓Bug bounty
Need our SOC 2 report or DPA?
Available under NDA for enterprise evaluations.