Security Policy
Infrastructure security, encryption, and compliance standards.
Updated April 2026
1. Infrastructure
DMS Labs AI runs on NVIDIA Blackwell-class GPU capacity — primarily B200, with RTX 5090, RTX 6000 Pro, and GB300 — behind Cloudflare edge protection. Production workloads are isolated from staging and development environments.
2. Encryption
- TLS 1.3 for all external traffic.
- Encryption at rest for databases, object storage, and backups.
- API keys are stored hashed; secrets are managed through a dedicated vault.
3. Access Control
- Least-privilege role-based access for DMS Lab personnel.
- JWTs in HttpOnly cookies and Google OAuth for customer sign-in.
- Audit logging for privileged actions and billing operations.
4. Secure Development
- Code review and automated CI checks (typecheck, lint, format).
- Dependency scanning and prompt patching of critical vulnerabilities.
- Zod schema validation on API boundaries.
5. Incident Response
Security incidents are triaged 24/7. Confirmed breaches affecting your data are reported to affected customers without undue delay and, where applicable, to Vietnamese authorities under Decree 13/2023/ND-CP.
6. Compliance
We align with OWASP ASVS and ISO 27001 control families as operating targets. Formal certifications, where applicable, are disclosed on request.
7. Responsible Disclosure
Report vulnerabilities to security@dmslab.ai. We will not pursue legal action against researchers acting in good faith who avoid privacy violations, data destruction, and service disruption.
8. Business Continuity
Daily backups with tested restore procedures. Enterprise customers can request cross-region replication and dedicated runbooks.
