Security Statement
Last updated: 2025-07-18 · Version 1.0
At Ploid AI Biotech, S.L., we recognize that data security underpins scientific integrity and customer trust. This Security Statement outlines the technical and organizational measures we employ to safeguard your information.
1. Infrastructure
• Hosted on ISO 27001-certified cloud providers (AWS & GCP).
• Data centers employ 24/7 physical security, biometric access controls, and redundant power.
2. Data protection
• All data in transit is encrypted using TLS 1.2+; data at rest is encrypted with AES-256.
• Separate production, staging, and development environments.
• Principle of least privilege enforced via role-based access control (RBAC).
3. Application security
• Automated dependency scanning (Snyk) and container image signing.
• Static and dynamic code analysis integrated into CI/CD.
• Regular penetration tests by independent security firms.
4. Operational security
• Mandatory security awareness training & phishing simulations.
• Endpoint protection with EDR and full-disk encryption.
• 24/7 monitoring and alerting for anomalous activities.
5. Incident response
We maintain an incident response plan with defined severity levels, communication protocols, and post-incident reviews.
6. Business continuity & disaster recovery
We take daily backups, kept in geographically distributed storage, and run quarterly recovery drills.
7. Compliance
We comply with the General Data Protection Regulation (GDPR) and other applicable data-protection laws. We are actively working toward additional certifications—such as SOC 2 Type II—and will update this statement as progress is made.
8. Responsible disclosure
Found a vulnerability? Email security@ploid.ai with details. We aim to acknowledge reports within 24 hours.
9. Changes
We may update this Security Statement periodically. Material changes will be posted on this page.