Security
An overview of the security practices and controls we implement to protect our platform and users
Infrastructure security
Applied Labs's production environment is deployed on Google Cloud Platform (GCP). Implementation adheres to GCP's security best practices, including network segmentation, perimeter defense mechanisms, web application firewalls (WAF), and continuous vulnerability assessment and management (VA/VM).
Data protection
Cryptographic controls are implemented for data processing and storage, adhering to NIST-approved algorithms and key lengths. All network traffic traversing untrusted networks is encrypted using TLS 1.2 or higher. Data at rest is protected using AES-256 encryption.
Access control
Comprehensive audit logging is maintained for all production systems, capturing authentication events, system changes, and security-relevant activities. Access to applications is governed by federated identity management with multi-factor authentication (MFA). The principle of least privilege is enforced through Role-Based Access Control (RBAC) mechanisms.
Vulnerability disclosure
Applied Labs maintains a formal Vulnerability Disclosure Policy (VDP) to facilitate responsible reporting of security vulnerabilities. Despite rigorous secure development practices and quality assurance processes, we acknowledge the potential for undiscovered vulnerabilities. We encourage security researchers to report any identified vulnerabilities to security@appliedlabs.ai in accordance with our VDP guidelines.