> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abv.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Compliance Overview

> Comprehensive security, privacy, and compliance infrastructure for enterprise AI applications

# How We Protect Your Data

Understanding how your data is protected helps you make informed decisions about using ABV in your security-sensitive applications.

<AccordionGroup>
  <Accordion title="Encryption Throughout" icon="lock">
    All data is encrypted both in transit and at rest using industry-standard protocols:

    * **In Transit**: TLS (Transport Layer Security) for all network communications
    * **At Rest**: AES-256 encryption for all stored data across databases, caches, and blob storage

    This means your LLM traces, prompts, and evaluation data are protected from unauthorized access at every stage of their lifecycle.
  </Accordion>

  <Accordion title="Access Controls & Authentication" icon="key">
    We implement multiple layers of access control to ensure only authorized users can access your data:

    * **Enterprise SSO**: OIDC-based single sign-on with providers like Okta and Azure AD
    * **Role-Based Access Control (RBAC)**: Granular permissions at organization and project levels
    * **SSO Enforcement**: Optional requirement for domain-based SSO usage
    * **Multi-Factor Authentication**: Additional security for sensitive operations

    Learn more about our [authentication and authorization](/security/security/authentication-authorization) mechanisms.
  </Accordion>

  <Accordion title="Regular Security Testing" icon="bug">
    We don't wait for security issues to find us—we actively hunt for them:

    * **Annual External Penetration Tests**: Independent security experts simulate real-world attacks
    * **Vulnerability Management**: Continuous scanning and rapid remediation
    * **ISO 27001 Audits**: Annual third-party audits of our information security management system

    Customers on Pro and Enterprise plans can [request access to our penetration test reports](/security/security/penetration-testing).
  </Accordion>

  <Accordion title="Data Residency & Isolation" icon="globe">
    Choose where your data lives and how it's isolated:

    * **Regional Deployment**: US (Virginia), EU (Ireland), and dedicated HIPAA regions
    * **Multi-Tenant SaaS**: Secure isolation in shared infrastructure
    * **Single-Tenant Options**: Dedicated environments for enterprise customers

    Your data stays in your chosen region and is never shared between organizations.
  </Accordion>

  <Accordion title="Privacy-First Design" icon="user-shield">
    We build privacy into every feature:

    * **Data Masking**: Automatically redact sensitive information from traces
    * **Data Retention Controls**: Configure how long data is stored
    * **Data Deletion**: Delete specific traces, projects, or entire organizations
    * **Minimal Data Collection**: We only collect what's necessary for the service

    Learn more about [managing personal data](/security/privacy/managing-personal-data) in ABV.
  </Accordion>
</AccordionGroup>

# Compliance Certifications

We maintain active compliance with industry-standard frameworks to meet your regulatory requirements.

<AccordionGroup>
  <Accordion title="ISO 27001 Certified" icon="certificate">
    Our information security management system (ISMS) is certified to ISO 27001 standards, with annual third-party audits validating our security controls, risk management, and incident response processes.

    [View ISO 27001 details](/security/compliance/iso-27001-compliance)
  </Accordion>

  <Accordion title="ISO 42001 Alignment" icon="robot">
    We align with ISO 42001, the international standard for AI management systems, ensuring responsible AI development, deployment, and governance.

    [View ISO 42001 details](/security/compliance/iso-42001-compliance)
  </Accordion>

  <Accordion title="HIPAA Ready" icon="hospital">
    For healthcare organizations, ABV offers HIPAA-aligned infrastructure with Business Associate Agreements (BAA) to protect Protected Health Information (PHI).

    [View HIPAA details](/security/compliance/hipaa-compliance)
  </Accordion>

  <Accordion title="GDPR Compliant" icon="scale-balanced">
    We comply with the General Data Protection Regulation (GDPR), offering data processing agreements (DPA) and comprehensive controls for managing personal data.

    [View GDPR details](/security/privacy/gdpr-compliance)
  </Accordion>

  <Accordion title="NIS2 Directive" icon="shield-check">
    We align with the EU's NIS2 Directive for network and information security, implementing comprehensive cybersecurity measures and incident reporting.

    [View NIS2 details](/security/compliance/nis2-compliance)
  </Accordion>
</AccordionGroup>

# Infrastructure & Deployment

## Deployment Models

Choose the deployment model that fits your security and compliance requirements:

| Model             | Description                                       | Best For                                            |
| ----------------- | ------------------------------------------------- | --------------------------------------------------- |
| **Multi-Tenant**  | Secure, isolated tenants in shared infrastructure | Most organizations—fast deployment, managed updates |
| **Single-Tenant** | Dedicated environment with isolated resources     | Enterprise customers only                           |

## Infrastructure Details

**Cloud Provider**: AWS and ClickHouse via AWS

**Regions**:

* **US Region**: us-east-1 (Virginia)
* **EU Region**: eu-west-1 (Ireland)
* **HIPAA Region**: Dedicated infrastructure for healthcare compliance

**Services Encrypted at Rest**:

* Elasticache (Redis) - AES-256
* Aurora (PostgreSQL) - AES-256
* ClickHouse - AES-256
* S3 / Blob Storage - AES-256

# Transparency & Reporting

We believe in security through transparency. We maintain clear channels for security reporting and provide visibility into our security practices.

<AccordionGroup>
  <Accordion title="Responsible Disclosure Program" icon="shield-halved">
    We welcome security researchers to help us identify and fix vulnerabilities. Our responsible disclosure program provides clear guidelines for reporting security issues confidentially.

    [View our responsible disclosure policy](/security/security/responsible-disclosure)
  </Accordion>

  <Accordion title="Incident Response" icon="bell">
    In the unlikely event of a security incident, we have a comprehensive incident response plan that includes:

    * Immediate containment and investigation
    * Customer notification within required timeframes
    * Root cause analysis and remediation
    * Post-incident review and improvements

    [Learn about our incident response](/security/security/incident-breach)
  </Accordion>

  <Accordion title="Whistleblowing Channel" icon="megaphone">
    We maintain a confidential whistleblowing channel for reporting concerns about security, privacy, ethics, or compliance.

    [View whistleblowing information](/security/security/whistleblowing)
  </Accordion>

  <Accordion title="Security Documentation" icon="file-shield">
    We provide access to security documentation for customers:

    * Penetration test reports (Pro/Enterprise)
    * ISO 27001 certificates
    * Data Processing Agreements
    * Business Associate Agreements (HIPAA)

    Contact [security@abv.dev](mailto:security@abv.dev) to request access.
  </Accordion>
</AccordionGroup>

# Internal Policies

Our compliance program is based on comprehensive internal policies covering every aspect of security, privacy, and AI governance. [View our complete policy list](/security/compliance/policies).

# Next Steps

Explore specific areas of our security and compliance program:

<CardGroup cols={2}>
  <Card title="Authentication & Authorization" icon="key" href="/security/security/authentication-authorization">
    Learn about SSO, RBAC, and access controls
  </Card>

  <Card title="Encryption" icon="lock" href="/security/security/encryption">
    Understand how we encrypt data in transit and at rest
  </Card>

  <Card title="GDPR Compliance" icon="scale-balanced" href="/security/privacy/gdpr-compliance">
    Review our GDPR compliance and data protection
  </Card>

  <Card title="HIPAA Compliance" icon="hospital" href="/security/compliance/hipaa-compliance">
    See how we support healthcare organizations
  </Card>
</CardGroup>
