Security at Salt AI

Enterprise-grade security designed for the most demanding life sciences environments. Your data protection is our highest priority.

  • SOC 2 Type II: Certified
  • HIPAA: Compliant
  • GDPR: Compliant
  • GxP Ready: Validated

Data Encryption

All data processed by Wilbur Salt OS is protected by industry-leading encryption standards. We employ a defense-in-depth approach to ensure your sensitive information remains secure at every stage.

In Transit

TLS 1.3 encryption for all data transmission. Perfect forward secrecy ensures that even if long-term keys are later compromised, past communications remain secure.

At Rest

AES-256 encryption for all stored data. Encryption keys are managed through a dedicated key management service with automatic rotation.

Infrastructure Security

Our platform is built on enterprise-grade cloud infrastructure with multiple layers of security controls. We maintain SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality.

  • Multi-Cloud Architecture: Deployable on AWS, Google Cloud, or Microsoft Azure with region-specific data residency options
  • Network Isolation: Virtual private clouds with strict network segmentation and firewall rules
  • DDoS Protection: Enterprise-grade protection against distributed denial-of-service attacks
  • Containerized Deployments: Isolated, containerized environments for enhanced security and portability
  • On-Premises Option: Full on-premises deployment available for organizations requiring complete data sovereignty

Access Control & Authentication

We implement strict access controls to ensure that only authorized personnel can access your data. Our authentication and authorization systems are designed to meet the requirements of regulated industries.

  • Multi-Factor Authentication (MFA): Required for all user accounts with support for hardware tokens and authenticator apps
  • Single Sign-On (SSO): Integration with enterprise identity providers (SAML 2.0, OAuth 2.0, OpenID Connect)
  • Role-Based Access Control (RBAC): Granular permissions based on user roles and organizational hierarchy
  • Session Management: Automatic session timeout, concurrent session limits, and secure session handling
  • Least Privilege Principle: Users and systems are granted only the minimum access necessary

Audit Logging & Monitoring

Comprehensive audit logging and real-time monitoring provide complete visibility into system activity. Our logging infrastructure is designed to support regulatory compliance and forensic investigation requirements.

  • Comprehensive Audit Trails: All user actions, data access, and system events are logged with timestamps and user attribution
  • Immutable Logs: Audit logs are stored in append-only storage to prevent tampering
  • Real-Time Alerting: Automated alerts for suspicious activity, failed login attempts, and policy violations
  • SIEM Integration: Export capabilities for integration with your organization's security information and event management systems
  • Retention Policies: Configurable log retention to meet regulatory requirements (default: 24 months)

Vulnerability Management

We maintain a proactive approach to identifying and remediating security vulnerabilities. Our security team continuously monitors for threats and implements patches in accordance with industry best practices.

  • Continuous Scanning: Automated vulnerability scanning of all infrastructure and application components
  • Penetration Testing: Annual third-party penetration testing by qualified security firms
  • Patch Management: Critical vulnerabilities patched within 24 hours; regular patches applied within 30 days
  • Secure Development: Security-focused SDLC with code reviews, static analysis, and dependency scanning
  • Bug Bounty Program: Responsible disclosure program for security researchers

Incident Response

Our incident response team is prepared to detect, respond to, and recover from security incidents. We maintain documented procedures and conduct regular drills to ensure rapid and effective response.

Incident Response Commitment

  • Initial Response: <1hr
  • Customer Notification: 24hr
  • Detailed Report: 72hr

Data Privacy Commitment

We understand that your organizational data is among your most valuable assets. Our commitment to data privacy includes:

  • No Data Sharing: Your proprietary data is never shared with third parties or used to train general AI models
  • Data Isolation: Customer data is logically isolated with strict access controls
  • Data Portability: Export your data at any time in standard formats
  • Secure Deletion: Certified data destruction upon request or account termination

Security Contact

If you have security concerns, questions, or wish to report a vulnerability, please contact our security team:

Salt AI Security Team

Security Inquiries: [email protected]

Vulnerability Reports: [email protected]

Compliance Questions: [email protected]

For enterprise customers, dedicated security contacts and custom security assessments are available upon request.

A SALT OS Company