AI Security & Privacy Overview

This document outlines ClickMint's security and privacy protocols for AI operations, based on the managed protections provided by Amazon Bedrock and OpenAI Enterprise.

1. Data Protection by Design

Encryption

  • All prompts, model outputs, and stored assets are encrypted in transit (TLS 1.2+) and at rest (AES‑256).

Data Isolation

  • Customer inputs are not used to train foundation models.

Retention Limits

  • Logs retained only for the vendor compliance period (≤ 30 days).
  • Zero‑Data‑Retention endpoints used for sensitive workloads.

2. Access & Identity Assurance

Least‑Privilege Access

  • Short‑lived roles with minimal permissions.
  • No long‑lived credentials stored locally or in CI.

Single Sign‑On & MFA

  • Federated access through ClickMint's identity provider with mandatory MFA.

3. Continuous Governance & Compliance

Audit Logging

  • Immutable audit trails aligned with SOC 2, ISO 27001, HIPAA (on HIPAA‑eligible services), and GDPR requirements.

Automated Guardrails

  • Abuse detection and content filtering applied to requests.

Quarterly Policy Review

  • Compliance attestations and internal policies reviewed quarterly.

4. Incident Preparedness

24/7 Monitoring

  • On‑call engineers alerted in real time and respond within 15 minutes for priority‑one issues.

Escalation Channels

  • Escalation paths with AWS and OpenAI security teams.