FAQ: Security, Privacy & Reliability
Find answers to common questions about security, privacy, and reliability.
By amaise Support1 author80 articles
Where are documents processed by AI?
Which AI models and providers does amaise use?
How is the AI pipeline isolated from the rest of the application?
What happens if the AI service is unavailable?
How is the traceability of AI results ensured?
How are AI hallucinations detected and prevented?
Is there human oversight of AI decisions?
Are customer data used to train AI models?
How does the document processing pipeline work?
How does amaise protect against prompt injection attacks?
What does the CI/CD security pipeline look like?
Can customers conduct their own penetration tests?
How are dependencies checked for vulnerabilities?
How is input validation ensured?
How does amaise protect against the OWASP Top 10?
What does the secure software development process look like?
Which security headers does amaise use?
Which static code analyses are performed?
How is supply chain security ensured?
How are vulnerabilities prioritized and resolved?
How are API keys secured at amaise?
How does amaise protect against brute force attacks?
Can customers connect their own identity providers?
How is employee access managed?
How does machine-to-machine authentication work?
How does multi-factor authentication work in amaise?
What roles and permissions are available in amaise?
Does amaise support Single Sign-On (SSO)?
How are access tokens managed and protected?
How are WebSocket connections secured?
How is compliance continuously monitored?
Can customers audit amaise’s security controls?
What is amaise’s position on the EU AI Act?
How does amaise meet international data protection requirements?
Which industry-specific frameworks does amaise comply with?
What certifications does amaise have?
How often are penetration tests conducted?
How does responsible vulnerability disclosure work?
What does amaise’s SOC 2 report cover?
How does amaise meet data protection requirements (GDPR, nDSG, US)?
How are customers notified in the event of security incidents?
Does amaise have cyber insurance?
How are database backups performed?
What does the incident response plan look like?
How is the cause analyzed after an incident?
How are backups protected against ransomware?
How quickly can amaise recover after an outage?
How are rollbacks performed for faulty deployments?
Is there a status page for customers?
How is availability monitored?
How is administrative access to the infrastructure protected?
How does amaise ensure availability?
How are containers and deployments secured?
In which regions are customer data stored?
What DDoS protection does amaise provide?
How is outgoing network traffic controlled?
How is the infrastructure managed as code?
How are networks segmented at amaise?
How are patches and updates managed?
How does amaise’s web application firewall work?
Does amaise support customer-owned encryption keys (BYOK/CMK)?
What data classification does amaise use?
How is the integrity of stored data ensured?
How does amaise protect data in the database?
Which encryption algorithms does amaise use?
How is encryption ensured during transmission?
How are the encryption keys protected?
How is the object storage protected against unauthorized access?
How are secrets and access credentials managed?
How is data isolation between tenants technically implemented?
How are data transfers to third countries secured?
How does data deletion work at the end of a contract?
How is data minimization ensured?
How are data subject rights implemented?
Does amaise provide a data processing agreement (DPA)?
Does amaise conduct data protection impact assessments?
How does amaise handle official data requests?
What retention periods apply to customer data?
Which special data categories does amaise process?
Which subprocessors does amaise use?