Transport Security
All platform communications use TLS 1.2+ with HSTS enforcement. Content Security Policy headers prevent cross-site injection. CSRF protection on all state-changing operations.
Security & Responsible AI
Our security posture, data handling commitments, responsible AI principles, and compliance framework. Built to meet enterprise requirements from day one.
All platform communications use TLS 1.2+ with HSTS enforcement. Content Security Policy headers prevent cross-site injection. CSRF protection on all state-changing operations.
Multi-factor authentication is mandatory for all staff and superusers. Customer accounts support TOTP authenticator apps and email OTP. JWT-based single sign-on uses time-limited tokens with one-time use enforcement.
Honeypot traps for automated scanner detection, rate limiting on all API endpoints and public forms, permanent IP blocklisting for confirmed malicious actors, and exploit blocking for known scanner patterns.
Automated security monitoring with email alerts for anomalous activity. Daily security summaries for operations. Structured logging with full audit trails for authentication, API access, and billing events.
Production databases on managed PostgreSQL with automated backups. Media files on Azure Blob Storage with geo-redundancy. Passwords hashed with PBKDF2. Stripe handles all payment card data — no card data ever touches Aktirak servers.
Deployed on Render.com with automated health checks, rolling deployments, and environment variable isolation. No secrets in source code. Environment-specific configurations prevent accidental exposure of production credentials.
AI specialists generate workflows and recommendations; they do not execute them autonomously. All workflows require explicit human approval before deployment. This is enforced at the platform architecture level, not just policy.
Customer business data, conversation history, and workflow artifacts are never used to train or fine-tune AI models. AI specialists are trained exclusively on methodology documentation, not customer operational data.
Every AI-generated workflow includes a rationale explaining the methodology applied, the process steps chosen, and the expected outcomes. Customers can always ask their AI specialist to explain any recommendation.
AI capabilities are sourced from multiple providers (OpenAI, Anthropic, Google). No single AI vendor creates a single point of failure or undue dependency. Customers may choose their preferred AI engine for specialist sessions.
For security disclosures or compliance inquiries, use the corporate contact channel with the Security inquiry type.