Security Practices

Security is integral to AIEDX's core principles of Protection, Privacy, and Partnership, and we take it seriously. This Security Practices page describes the organizational, technical, and physical controls applicable to AIEDX, including our Services, as more specifically described in your governing agreement with AIEDX.

1 Definitions

1.1 User and Customer Definitions

Types of Users:

  • Any person or entity that creates an account, purchases, or subscribes to our Services
  • Any person or entity that browses, visits, or accesses our Website or Services, whether registered or not
  • Any employees, agents, contractors, or representatives of an entity that has been granted access to the Services
  • Any third parties authorized by a registered customer to access or use the Services
  • Any person who uploads, downloads, shares, modifies, or interacts with any content through our Services, including but not limited to Demos and POCs

acknowledgments:

  • They have read, understood, and agree to be legally bound by these Terms and Conditions in their entirety
  • They have the legal capacity and authority to enter into these Terms
  • If accepting on behalf of an organization, they have the authority to bind that organization
  • They accept full responsibility for all activities conducted through their account
  • They shall ensure compliance with Terms for anyone accessing through their account
2 AIEDX Platform Controls

2.1 Architecture and Data Segregation

description:

AIEDX operates a multi-tenant software-as-a-service system for applications such as Beluga & BubblSpace, using a shared infrastructure for all users.

measures:

  • Logical separation of Customer Data
  • Use of access lists
  • Association of Customer Data with unique customer IDs

2.2 Public Cloud Infrastructure

providers:

  • Amazon Web Services (AWS)
  • E2E Network

services:

  • Web hosting
  • User management
  • Backend API
  • Compute
  • Database
  • Monitoring
  • Automation

note:

AIEDX does not use a private or hybrid cloud

3 Security Controls

framework:

Comprehensive security control framework designed to safeguard the confidentiality, integrity, and availability (CIA) of Customer Data

  • Access Management

    Administrators and incident responders can terminate and disable authenticated sessions, with quarterly reviews of access

  • Multi-factor Authentication

    FIDO2 compliant authentication factor required for all staff members

  • Audit Logging

    Meticulous maintenance of audit logs on various systems

  • Host Management
    • Screen lockouts
    • Full disk encryption
    • Anti-malware
    • Endpoint detection
    • Remote wiping & locking
    • Up-to-date software
  • Network Protection
    • Network abnormality detection
    • Multi-factor authentication
    • Firewalls
    • TLS 1.2+ encryption
  • Cloud Security

    Continuous monitoring of cloud infrastructure

  • Application Security

    Software development lifecycle policy with change management process

3.1 Security Logs

description:

Security-relevant events are logged and audited

events:

  • Authentication
  • Staff actions
  • Infrastructure events

3.2 Data Encryption

storage:

method: AES-256
keyManagement: Amazon Key Management Service (KMS)
certification: FIPS 140-2 validated

transit:

TLS 1.2+

3.3 Reliability, Backup, and Business Continuity

recovery:

timeObjective: 72 hours
pointObjective: 24 hours

backups:

frequency: Daily
retention: 3 months
storage: AWS services
security:
  • Encrypted
  • Access-controlled
  • Least privilege principle

testing:

Annual

3.4 Data Residency

Primary Storage:

Storage and processing performed within AWS infrastructure

AI Services:

Description: Several functions require AI services. The list of subprocessors is provided in Section 5.1
Note: Data transmission and residency may occur across subprocessor infrastructure to provide reliable and quality services

3.5 Return of Customer Data

During Subscription:

Export capabilities via download

Post Termination:

30 days assistance period

File Deletion:

90 days after account termination or deletion of account

Recovery Requests:

requirements:
  • Official support channels
  • Proper account verification
limitations:
  • No guarantee of successful recovery
  • No liability for losses

3.6 Deletion of Customer Data

Deletion Period:

90 days

process:

  • Customer-managed deletion
  • Permanent deletion from systems
  • Deletion confirmation provided
  • Automatic deletion after account termination

3.7 Deletion of Account

description:

To request account deletion, please reach out to contact@bubblspace.com or support@bubblspace.com

process:

  • Contact support via email support@bubblspace.com
  • Account verification required
  • Account and associated data will be deleted as per section 3.6
4 Personnel Practices

hiring:

policies:
  • Background checks
  • Job function-based scrutiny
  • Location-based scrutiny

training:

initial: Information security and privacy policies
ongoing: Annual security training

employee requirements:

  • Role-based access limitations
  • Non-Disclosure Agreement
  • Privacy and security training
  • Access termination upon employment end
  • Physical access restrictions
  • Audit logging compliance
  • Security authentication requirements
5 Infrastructure

5.1 Subprocessors

subprocessors:

OpenAI OpCo, LLC: Provides responses to user queries, AI agent management, and content moderation. Will not use data for internal purposes including model training
AWS India Private Limited (AIPL): Web hosting, data storage and compute for video processing services
Play AI: TTS (Text to Speech), creation of Podcast
Eleven Labs Inc.: TTS (Text to Speech), creation of Podcast, other Voice related AI Services

5.2 Open Source Software

description:

Components may contain open source software

security:

Vulnerability management program implemented

Need Help?

Contact us at contact@bubblspace.com

© 2024 AIEDX Private Limited

BubblSpace & Beluga are products of AIEDX Private Limited
