Security & Data Protection Policy

Last Updated: 6th March 2026

At CoreNeural, security and data protection are fundamental to how our platform is designed, developed, and operated. We understand that organizations entrust us with sensitive operational knowledge, internal documentation, and proprietary information.

Our security architecture and operational practices are designed to ensure that customer data remains secure, private, and accessible only to authorized users.

This Security & Data Protection Policy outlines the measures we implement to safeguard customer information and maintain a secure platform environment.

1. Our Commitment to Security

CoreNeural is built with a security-first architecture designed to protect enterprise data at every stage of the information lifecycle. We prioritize:

• Data confidentiality
• Data integrity
• Secure system access
• Controlled data processing
• Continuous monitoring and threat prevention

Our platform incorporates industry-standard security practices to protect customer information against unauthorized access, misuse, disclosure, or alteration.

2. Data Encryption and Secure Storage

CoreNeural uses modern encryption protocols to protect data both in transit and at rest.

Encryption in Transit

All communication between users and the CoreNeural platform is encrypted using TLS (Transport Layer Security) protocols to ensure that data transmitted across networks remains protected.

Encryption at Rest

Customer data stored within CoreNeural infrastructure is encrypted using industry-standard encryption mechanisms to prevent unauthorized access to stored information.

Secure Infrastructure

CoreNeural operates on secure cloud infrastructure designed to meet enterprise security requirements, including redundancy, secure network configurations, and continuous monitoring.

3. Access Control and Authentication

Access to CoreNeural systems and customer data is restricted through robust access control mechanisms.

Role-Based Access Control (RBAC)

CoreNeural implements role-based access controls that allow organizations to define permissions for:

• Administrators
• Department Heads
• Authors or Contributors
• Employees or Users

This ensures that users can only access information relevant to their role.

Authentication Security

The platform supports secure authentication mechanisms, including:

• Strong password policies
• Multi-factor authentication (where enabled)
• Enterprise Single Sign-On (SSO) integrations

These controls reduce the risk of unauthorized account access.

4. Data Isolation and Tenant Security

CoreNeural operates as a multi-tenant SaaS platform, where each organization's data is logically separated from others. This ensures that:

• Customer data remains isolated between organizations
• No organization can access another customer’s information
• Internal data boundaries remain strictly enforced

Tenant isolation is a key component of our platform security design.

5. Data Privacy and Confidentiality

CoreNeural treats all customer data as confidential. We do not sell, rent, or share customer data with third parties for marketing or advertising purposes.

Customer data uploaded to the platform, including documents, knowledge sources, and internal policies, is used solely to provide the services offered by CoreNeural.

Access to customer data by CoreNeural personnel is strictly limited to authorized personnel who require such access for:

• Technical support
• Security monitoring
• Platform maintenance

All personnel handling customer data are subject to confidentiality obligations.

6. Secure Data Processing for AI Systems

CoreNeural uses artificial intelligence technologies to analyze and retrieve information from uploaded knowledge sources. Our AI systems are designed to:

• Process data only within the scope of customer queries
• Maintain strict access controls aligned with organizational permissions
• Avoid cross-organization data exposure

Customer knowledge sources are processed securely within the platform environment and are not used to train external public AI models.

7. Monitoring and Threat Detection

CoreNeural continuously monitors its systems for suspicious activity and potential security threats. Our security monitoring practices include:

• System activity logging
• Access monitoring
• Infrastructure monitoring
• Threat detection alerts

These measures help detect and respond to potential security incidents in a timely manner.

8. Vulnerability Management and Security Testing

We maintain an ongoing vulnerability management process to identify and mitigate potential security risks. This includes:

• Regular security reviews of the platform infrastructure
• Vulnerability assessments
• Security updates and patch management
• Continuous improvement of platform defenses

Security improvements are implemented regularly as part of our product development lifecycle.

9. Incident Response and Security Events

In the unlikely event of a security incident affecting customer data, CoreNeural maintains procedures designed to:

• Identify and contain the incident
• Assess potential impact
• Implement corrective actions
• Notify affected customers when required under applicable laws or contractual obligations

We aim to respond quickly and transparently to any security concerns.

10. Data Retention and Deletion

Customer data remains under the control of the organization that uploads it. Customers may request deletion of their data or terminate their account in accordance with our Terms of Service and Data Processing Agreement.

Upon account termination or verified deletion requests, CoreNeural will delete or anonymize customer data within a reasonable time frame unless retention is required by law.

11. Customer Security Responsibilities

While CoreNeural implements strong security safeguards, customers also play an important role in maintaining security. Customers are responsible for:

• Managing user access permissions
• Maintaining secure login credentials
• Ensuring authorized use of the platform
• Uploading data in compliance with applicable laws and organizational policies

12. Continuous Security Improvements

Security threats evolve continuously, and CoreNeural is committed to maintaining a proactive approach to security.

We regularly review and improve our security measures, infrastructure, and policies to ensure that our platform continues to meet the expectations of enterprise customers.

13. Contacting Our Security Team

If you have questions about this Security & Data Protection Policy or would like to report a potential security concern, please contact us at:

Email: info@coreneural.ai