Jul 16, 2024

Security Policy
Effective Date: 01/01/2025
Company: DreamCache ᴬᴵ Ltd
Websites: www.dreamcache.io, www.dreamcache.ai, www.quantumcreativity.ai

1. Our Commitment to Security

At DreamCache ᴬᴵ Ltd, security is at the core of everything we do. We are committed to protecting our platform, infrastructure, and user data with robust, enterprise-grade security standards. This policy outlines the key measures we take to safeguard your information and ensure a secure experience on our AIaaS platform.

2. Data Protection & Privacy Compliance

We comply with all applicable UK data protection laws, including:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

All user data is processed securely and transparently in accordance with our Privacy Policy.

3. Infrastructure Security

  • Our platform is hosted on secure cloud infrastructure with industry-leading providers such as AWS, GCP, or equivalent.

  • We use multi-zone redundancy and real-time backups to ensure platform availability and disaster recovery.

  • All infrastructure is containerized and monitored for performance, integrity, and threat detection.

  • Systems are regularly scanned for vulnerabilities and patched promptly.

4. Data Encryption

  • Encryption in Transit: All data transferred between users and our servers is protected using TLS 1.2+ encryption.

  • Encryption at Rest: All sensitive data, including user information and model training data, is encrypted at rest using AES-256 or equivalent.

5. User Access & Authentication

  • We implement role-based access control (RBAC) to limit system access based on user role and responsibility.

  • Administrative interfaces are protected by multi-factor authentication (MFA) and strict session management.

  • Passwords are hashed using bcrypt and never stored in plain text.

6. Application & API Security

  • All APIs are protected with authentication tokens, usage throttling, and secure endpoints.

  • We implement rate limiting and request validation to prevent abuse, injection attacks, and DDoS attempts.

  • Input data is sanitized to protect against XSS, CSRF, and injection attacks.

7. Monitoring & Incident Response

  • We employ continuous system monitoring and automated alerts for unusual activity or potential breaches.

  • We have a documented Incident Response Plan (IRP) in place to ensure rapid mitigation and user notification in the event of a security incident.

  • Security logs are retained and reviewed regularly.

8. Third-Party Risk Management

  • All third-party services and processors are reviewed for GDPR compliance and must meet our security standards.

  • Data-sharing agreements and Data Processing Addendums (DPAs) are in place for all relevant vendors.

9. Employee Access & Training

  • Internal access to systems is granted on a least-privilege basis.

  • All team members undergo regular security training and awareness sessions.

  • Employees must adhere to strict confidentiality and security policies.

10. Vulnerability Disclosure

We welcome input from the security community. If you discover a vulnerability, please report it responsibly to legal@dreamcache.ai. We’ll investigate and address all valid reports promptly.

11. Policy Updates

We may revise this policy periodically. Changes will be posted on our website with an updated "Effective Date."

12. Contact Us

For questions or concerns about this Security Policy or our security practices, contact:

Security Team
DreamCache ᴬᴵ Ltd
Email: legal@dreamcache.ai