Data compliancy

Last updated June 2023

Is there any redundancy solution in case Eden.AI/API is down or experiencing associated service levels?

We have redundancy in case Eden AI is down. We have back servers in London and Dublin. We guarantee SLA 99,9% uptime.

Does the loading of users data into Eden AI APIs/services comply with GDPR regulations?

We are GDPR compliant and do not store any data. As we are a hub that redirects to different AI APIs, the providers might have different data compliances. You can access to their policies here.

Who/which entities have access to this data and for what intended purposes?

The entities that have access to this data are limited to our authorized personnel and the underlying AI service providers. The data is accessed solely for the purpose of providing the intended AI functionalities and is handled with strict confidentiality.We promptly remove processed data from our servers within 24 hours for enhanced data privacy.

What is the jurisdiction of these services?

The jurisdiction of these services depends on the specific AI service providers integrated within Eden AI. Each provider may have its own jurisdiction, that you can access here.

How is authentication/confidentiality addressed?

Authentication and confidentiality are paramount in our system design. We employ secure API keys to authenticate and authorize access to our APIs. This ensures that only authorized clients can interact with our services. To maintain data confidentiality, we utilize strong encryption algorithms (TLS -Transport Layer Security), for secure communication between client systems and our API endpoints. This protects data from unauthorized interception or tampering during transit.

How is the customer information segregated/isolated from the other entities using the service?

We ensure that your client information is segregated and isolated from other entities using the service via strict application layer controls. We employ data separation techniques to prevent cross-contamination, ensuring the privacy and security of your data. There is absolutely no overlap between your documents and associated data and other customers.

Is there any form of data persistence for the processed data, or is it deleted after API invocation?

There is no data persistence for the processed data by default. The data is typically processed and then discarded after API invocation, ensuring that your data is not retained unnecessarily.

Is the communication used in the service encrypted?

Yes, the communication used in the service is encrypted. We utilize secure communication protocols such as HTTPS to ensure the confidentiality and integrity of data transmitted between your system and the API.

Is there a contractual guarantee regarding cybersecurity topics supporting the activity/provision of the service by the service/API provider?

Yes, we provide contractual guarantees regarding cybersecurity topics to support the activity and provision of the service. Our service/API provider agreements include provisions for cybersecurity measures, ensuring the security and integrity of the service we provide.

What is the process for handling data breaches or security incidents?

In the event of a data breach or security incident, we have a documented process in place to handle and respond to the incident. This includes notifying affected users, conducting a thorough investigation, and implementing any necessary remediation measures to prevent future incidents.

Are there any measures in place to protect against data breaches or cyber attacks?

Yes, we have implemented a range of security measures to protect against data breaches and cyber attacks. These measures include regular security audits, vulnerability assessments, and penetration testing. We also have incident response plans in place to quickly respond to and mitigate any security incidents.