How do you protect sensitive business data?

We follow least-privilege access, encryption in transit and at rest, and clear data handling procedures. We can also support NDAs, DPAs, and security addendums when needed.

Can you deploy on-premises?

Yes. We can deploy on-prem, in the cloud, or hybrid depending on your constraints.

Do you comply with PDPA?

We support PDPA-aligned workflows and data handling practices, and can work with your legal/security teams on requirements.

Trust & Security

Security and Compliance at Our Core

We understand that entrusting your data and AI projects requires confidence. That's why we build secure, transparent systems that comply with international standards.

Security Pillars

Our comprehensive approach to protecting your data, systems, and projects

Data Protection

Industry-standard encryption for data in transit and at rest

TLS 1.3 for all connections
AES-256 encryption for stored data
Automated encrypted backups
Data residency options when required

Access Control

Strict access controls following the principle of least privilege

Multi-factor authentication (MFA)
Role-based access control (RBAC)
Regular access reviews
Session management and automatic timeout

Monitoring & Audit

Comprehensive logging and monitoring for transparency and auditability

Audit logs for all data access
Real-time anomaly detection
Log retention for minimum 1 year
Executive summaries for administrators

Compliance & Privacy

Adherence to privacy regulations and data protection standards

PDPA (Thailand Personal Data Protection Act)
GDPR-ready architecture
Data Processing Agreements (DPA)
Data subject rights management

Infrastructure Security

Secure and modern infrastructure practices

Certified cloud infrastructure providers
Network segmentation and firewalls
Regular vulnerability scanning
Patch management and security updates

Incident Response

Prepared incident response and notification procedures

Tested incident response plan
On-call response team for critical incidents
Notification within 72 hours per PDPA
Post-incident analysis and prevention

Standards & Certifications

Our commitment to international standards and regulatory compliance

PDPA Compliance

Compliant with Thailand Personal Data Protection Act B.E. 2562

Active

ISO 27001 Ready

Information security management system following ISO standards

In Progress

GDPR Architecture

Architecture supporting GDPR requirements

Active

How We Handle Your Data

Transparency in how we collect, use, and protect your information

Data Collection

We collect only necessary data for service delivery and obtain consent before collecting any personal information.

Data Usage

Your data is used only for stated purposes such as AI model development, analytics, and service improvement.

Data Sharing

We do not sell or share personal data with third parties, except when required by law or with your consent.

Data Retention

We retain data only as long as necessary for its purpose or as required by law, and delete it when no longer needed.

Your Rights

You have the right to access, rectify, erase, object to processing, and receive your personal data at any time. Contact us at privacy@cerebratechai.com

Frequently Asked Questions

Answers to common questions about our services and solutions

Questions About Security?

Our security team is happy to answer questions and provide additional information about our practices and policies.

Security inquiries: security@cerebratechai.com

Privacy inquiries: privacy@cerebratechai.com

Compliance inquiries: compliance@cerebratechai.com