# SkyDeck.ai Security Practices

### **Data Security**

* All our components are **hosted within a secure VPC** and data is encrypted at rest with **AWS KMS using AES-256**. Furthermore, we employ **TLS 1.2 or higher** for encryption in transit.
* Our **application secrets** are also securely encrypted at rest with KMS and AES-256.

### Enhanced Conversation Security

In addition to encryption at rest, we provide optional enhanced security features for user conversation content and conversation names.

* We can provide a second, independent layer of encryption for conversation data at rest. The advantage of this approach is redundant security, but it comes at the cost of an extra decryption step whenever conversations are displayed or used in searches.

  This is an option in Control Center for enterprise customers.
* Every user can hold the encryption keys to their own conversation data at rest. In this way, we only have access to their conversation data while they are logged into our system. When they log out, the data is encrypted and we have no record of the decryption key. We use an independent hash of the user's password to implement that encryption. We do not store the password, and the hash exists only while the user is logged in.

  The advantage of this approach is that no one can access user data if the user *simply stops using* the platform. The data is effectively gone when not actively in use by the user. The disadvantage of this approach is that if the user loses their password, they lose all of their conversation data without any recourse. Another disadvantage is that displaying and working with conversation data will be slower and more *laggy*. Also, changing the user password will be a slower process because all data will need to be decrypted and re-encrypted.

  This is an optional feature for enterprise customers.
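
A sketch of the user-held-key scheme described above, as an added example that is not SkyDeck.ai's code. It assumes scrypt for both password derivations and AES-256-GCM per record; all function names, salts and sample data are hypothetical.

```javascript
// Added illustration; not SkyDeck.ai code. Names and parameters are assumptions.
const crypto = require('node:crypto');

// Two independent derivations from one password: a stored login verifier and a
// data key that is never stored. Distinct salts keep the key underivable from the verifier.
function deriveKeys(password, authSalt, encSalt) {
  return {
    verifier: crypto.scryptSync(password, authSalt, 32), // persisted for login checks
    dataKey: crypto.scryptSync(password, encSalt, 32),   // held in the session only
  };
}

function encryptRecord(dataKey, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const c = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function decryptRecord(dataKey, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  d.setAuthTag(tag);
  // final() throws if the key is wrong or the record was modified
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Password change: every record is decrypted with the old key and re-encrypted
// under the new one, which is why the operation scales with the amount of data.
function changePassword(records, oldKey, newPassword, authSalt) {
  const encSalt = crypto.randomBytes(16);
  const keys = deriveKeys(newPassword, authSalt, encSalt);
  const rotated = records.map((r) => encryptRecord(keys.dataKey, decryptRecord(oldKey, r)));
  return { records: rotated, encSalt, verifier: keys.verifier, dataKey: keys.dataKey };
}

// Constructed demo data: two conversations, one password change.
function demo() {
  const authSalt = crypto.randomBytes(16), encSalt = crypto.randomBytes(16);
  const s = deriveKeys('correct horse battery', authSalt, encSalt);
  const stored = ['Q3 roadmap chat', 'Support thread'].map((t) => encryptRecord(s.dataKey, t));
  const afterChange = changePassword(stored, s.dataKey, 'new passphrase 42', authSalt);
  let oldKeyRejected = false;
  try { decryptRecord(s.dataKey, afterChange.records[0]); } catch { oldKeyRejected = true; }
  return {
    roundTrip: decryptRecord(afterChange.dataKey, afterChange.records[0]),
    oldKeyRejected,
    independent: !s.verifier.equals(s.dataKey),
  };
}
```

Because the data key is never written to storage, losing the password leaves the records undecryptable, which is the trade-off the item above describes.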

### **Product Security**

* SkyDeck.ai implements regular **penetration testing** and conducts **vulnerability scanning** at crucial stages of our Secure Development Lifecycle (SDLC).
* Our security strategies include both **black-box and grey-box testing** during penetration testing.
* We utilize various methods to ensure the security of our system, including **Static analysis, Software composition analysis, Malicious dependency scanning, Dynamic analysis, and Network vulnerability scanning**.

### **Access Management**

* We leverage **reputable SSO services** for securing our identity and access management.
* Access to applications is role-based and is automatically revoked upon the end of employment.
* Any further access must comply with the policies set for each application.

### **Data Protection**

* We guarantee that all customer data is **encrypted both at rest and during transit**.
* **AWS Key Management Service (KMS)** is responsible for managing our encryption keys.

### **Security Education**

* Comprehensive security training is provided to all employees during their onboarding process and is refreshed annually through educational modules within our platform.
* Our team shares regular threat briefings in communication channels to keep employees informed of important security updates.

### **Vendor Security**

* We ensure secure remote access to internal resources using **WireGuard**.
* To provide an additional layer of protection, we also use **malware-blocking DNS servers** to safeguard employees and their endpoints while browsing the internet.


