Skip to main content
This page addresses frequently asked questions and common security topics for ABV. If you don’t find a solution to your issue here, reach out to [email protected].

Data Protection & Encryption

TLS 1.2+ protects traffic; all stored data uses AES-256 encryption. See encryption documentation for more details.
No—customer traces and prompts are processed only to provide the ABV service and are never used to train internal or third-party ML models. See security overview for more details.
Each project can set its own retention window; data older than that is purged nightly, and users/API can trigger immediate deletion or export. See data retention and data deletion documentation.

Deployment & Infrastructure

Yes, please contact us for pricing and setup.
Cloud tenants are logically isolated by project-level RBAC. Optional physical separation is available for enterprise clients. See RBAC documentation for more details.
Yes—EU, US and HIPAA-ready US zones are available.
ABV runs on AWS in isolated VPCs with WAF and AWS Shield for DDoS mitigation.

Compliance & Certifications

ABV is ISO 27001 and ISO 42001 compliant; GDPR & HIPAA controls are implemented. See compliance overview for more details.
Independent penetration tests occur annually, plus continuous vulnerability scans. See penetration testing for more details and past results.

Identity & Access Management

OIDC SSO, email/password, and SCIM provisioning; MFA or passkeys can be enforced via your IdP. See authentication documentation for more details.
RBAC lets you scope roles to organisation or project. See RBAC documentation for more details.

Application Security & SDLC

Every commit passes our CI pipeline of end-to-end, unit, and security tests.

Incident Response & Business Continuity

24 × 7 monitoring triggers an on-call engineer; affected customers are notified and post-mortems are published for larger incidents. See Incident & Breach documentation for more details.

Vulnerability & Pen-Testing

ABV maintains a public responsible-disclosure policy; CVSS drives remediation SLAs. See penetration testing for more details.
No.

Sub-processors & Third-Party Risk

Please contact [email protected] for the current list of sub-processors.

AI / LLM-Specific Concerns

ABV stores the data as-is. You can redact sensitive data via data masking.
Yes—you can configure custom data retention policies.
No. ABV does not repurpose customer data for external benchmarks or model training. See security overview for more details.

Governance, People & Culture

All staff pass background checks, sign NDAs and complete security training. See ISO 27001 compliance and ISO 42001 compliance for more details.
ABV CISO leads security efforts at ABV and reviews risk quarterly and drives continuous improvement. See ISO 27001 compliance and ISO 42001 compliance for more details.