Back to Home

Security

Last Updated: January 8, 2025

1. Our Security Commitment

At Gid AI, security is not an afterthoughtโ€”it's built into every aspect of our platform. We understand that restaurant businesses trust us with sensitive employee data, operational information, and business intelligence. This responsibility drives our comprehensive approach to security.

We implement enterprise-grade security measures that meet or exceed industry standards, ensuring your data remains protected at all times.

2. Infrastructure Security

Cloud Infrastructure

Our platform is built on enterprise-grade cloud infrastructure from industry leaders:

โ˜๏ธ

Google Cloud Platform

Primary hosting and data processing with automatic scaling and global redundancy

๐Ÿ”ง

Amazon Web Services

Additional services and backup infrastructure for maximum reliability

๐Ÿ”ฅ

Firebase

Real-time database and authentication with enterprise-grade security

Network Security

  • DDoS Protection: Advanced protection against distributed denial of service attacks
  • Web Application Firewall: Filters malicious traffic before it reaches our servers
  • Load Balancing: Distributes traffic across multiple servers for reliability
  • CDN Protection: Content delivery network with built-in security features

3. Data Protection

๐Ÿ” Encryption Everywhere

All data is encrypted both in transit and at rest using industry-standard AES-256 encryption. This means your information is protected whether it's being transmitted between systems or stored in our databases.

Data in Transit

  • TLS 1.3 encryption for all web communications
  • Certificate pinning to prevent man-in-the-middle attacks
  • End-to-end encryption for sensitive data transmission
  • Secure API endpoints with proper authentication

Data at Rest

  • AES-256 encryption for all stored data
  • Encrypted database storage with automatic key rotation
  • Secure backup systems with encryption
  • Hardware security modules (HSMs) for key management

4. Access Controls

Multi-Factor Authentication

We require multi-factor authentication (MFA) for all administrative access and offer it as an option for all users. This adds an extra layer of security beyond just passwords.

Role-Based Access Control

  • Granular permissions based on user roles and responsibilities
  • Principle of least privilege - users only access what they need
  • Regular access reviews and automated deprovisioning
  • Session management with automatic timeouts

Administrative Access

  • All administrative access is logged and monitored
  • Privileged access management (PAM) system
  • Just-in-time access for maintenance operations
  • Regular security training for all staff

5. Monitoring and Threat Detection

๐Ÿ›ก๏ธ 24/7 Security Operations Center

Our security operations center monitors our systems around the clock, using advanced threat detection and automated response systems to identify and respond to potential security incidents.

Real-Time Monitoring

  • Continuous monitoring of all system activities
  • Automated threat detection using machine learning
  • Intrusion detection and prevention systems
  • Anomaly detection for unusual access patterns

Incident Response

  • Dedicated incident response team available 24/7
  • Automated response to common security events
  • Clear escalation procedures for critical incidents
  • Regular incident response drills and testing

6. Security Certifications and Compliance

๐Ÿ†

SOC 2 Type II

Annual third-party audit of our security controls and procedures

๐Ÿ”’

ISO 27001

International standard for information security management systems

โœ…

GDPR Compliant

Full compliance with European data protection regulations

Regular Audits

  • Annual SOC 2 Type II audits by independent third parties
  • Quarterly internal security assessments
  • Regular penetration testing by security experts
  • Continuous compliance monitoring and reporting

7. Application Security

Secure Development Practices

  • Security-first development methodology
  • Regular code reviews with security focus
  • Automated security testing in our development pipeline
  • Static and dynamic application security testing

Vulnerability Management

  • Regular vulnerability scans and assessments
  • Automated patching for critical security updates
  • Bug bounty program with security researchers
  • Responsible disclosure process for security issues

8. Business Continuity and Disaster Recovery

๐Ÿ”„ 99.9% Uptime Commitment

We maintain multiple data centers and backup systems to ensure your business operations continue even in the event of hardware failures or natural disasters.

Backup and Recovery

  • Automated daily backups with encryption
  • Multiple geographic backup locations
  • Point-in-time recovery capabilities
  • Regular disaster recovery testing

High Availability

  • Multi-region deployment for redundancy
  • Automatic failover systems
  • Load balancing across multiple servers
  • Real-time health monitoring and alerting

9. Employee Security

Background Checks

All employees with access to customer data undergo comprehensive background checks and sign confidentiality agreements.

Security Training

  • Mandatory security awareness training for all staff
  • Regular phishing simulation exercises
  • Specialized training for security-sensitive roles
  • Annual security policy reviews and updates

10. Customer Security Best Practices

Account Security

  • Use strong, unique passwords for your Gid AI account
  • Enable multi-factor authentication when available
  • Regularly review user access and permissions
  • Report any suspicious activity immediately

Data Management

  • Limit access to sensitive information on a need-to-know basis
  • Regularly review and clean up user accounts
  • Keep your integration systems up to date
  • Follow your organization's data retention policies

11. Incident Reporting

If you discover a security vulnerability or experience a security incident related to our service, please contact us through the information provided in our footer.

What to Include

  • Description of the security issue or incident
  • Steps to reproduce the vulnerability (if applicable)
  • Your contact information
  • Any evidence or screenshots (if safe to share)

12. Transparency and Communication

We believe in transparent communication about security:

  • We will notify customers of any security incidents that may affect their data
  • We publish regular security updates and best practices
  • We maintain an up-to-date security documentation
  • We participate in industry security forums and initiatives