Security

1. Our Commitment

Nubio Deep Intelligence Pte. Ltd. ("Nubio") handles sensitive operational data and treats security as a foundational requirement. We employ a defence-in-depth approach across all layers of our infrastructure and continuously improve our practices based on the evolving threat landscape.

2. Infrastructure

• Cloud-hosted on enterprise-grade infrastructure.
• Data encrypted at rest and in transit using industry-standard methods.
• Network segmentation and access restricted to required services only.
• Regular patching and vulnerability management.
• Container-based deployment with hardened configurations.
• No direct administrative access to production systems.

3. Data Protection

• Customer data logically isolated per tenant.
• Automated encrypted backups.
• Data retention aligned with contractual obligations.
• Secure deletion when data is no longer required.
• No customer data used for cross-tenant purposes without explicit written consent.

4. Access Controls

• Role-based access control for all platform access.
• Multi-factor authentication enforced for all Nubio personnel.
• Principle of least privilege applied across all systems.
• Regular access reviews and deprovisioning.
• Audit logging of all administrative actions.
• SSO integration available for enterprise customers.

5. Application Security

• Secure software development lifecycle.
• Code review required for all changes.
• Automated security scanning in the development pipeline.
• Regular third-party penetration testing.
• API rate limiting and abuse detection.

6. Incident Response

• Documented incident response plan with defined severity levels.
• Continuous monitoring and alerting for security events.
• Data breach notification in accordance with the Personal Data Protection Act 2012 ("PDPA"): within 3 calendar days of determining a breach is notifiable, with assessment completed within 30 days of awareness.
• Post-incident review and remediation tracking.
• Communication procedures for affected customers.

7. Compliance

Framework	Status
Singapore PDPA	Compliant
IMDA AI Governance Framework	Aligned
SOC 2 Type II	Planned
ISO 27001	Planned

Nubio conducts regular compliance assessments and supports customer audits under appropriate confidentiality obligations.

8. Vulnerability Disclosure

We welcome responsible security research. If you discover a vulnerability in any Nubio system, please report it to legal@nubio.world.

• Reports acknowledged within 24 hours.
• Initial assessment within 5 business days.
• We do not pursue legal action against good-faith researchers.

Out of scope: social engineering, physical attacks, and denial-of-service attacks.

9. Business Continuity

• Documented disaster recovery plan with defined recovery objectives.
• Automated failover for critical infrastructure.
• Regular backup testing and recovery drills.
• Annual business continuity plan review.

10. Contact