Security policy
Mitigate AI Platform
Platform: ai-platform.mitigate.dev
Version: v1.0. Approved: 19 June 2026. Next review: no later than 19 June 2027.
Operators: SIA Mitigate (Reg. 50103381201) and Mitigate AI Services SIA (Reg. 40203603914), Gustava Zemgala gatve 74A, Riga, LV-1039 (joint operators).
Introduction
This Security Policy outlines the measures in place to ensure the security and integrity of the Mitigate AI Platform - a multi-tenant GenAI platform providing chatbots, agents, and workflows grounded in customer knowledge, with secure tool execution. It protects the platform, its data, and its users from unauthorized access, disclosure, alteration, and destruction.
Scope & shared responsibility
This Security Policy describes the Mitigate-managed (SaaS) deployment of the Mitigate AI Platform, hosted by Mitigate on AWS (Amazon EKS), EU region eu-central-1 (Frankfurt).
The platform can also be self-hosted on the customer's own infrastructure. In that case the infrastructure layer is the customer's responsibility, and the hosting-dependent controls below do not apply to Mitigate. Mitigate remains responsible for the application/software layer (the security features described here) and for secure software delivery.
| Control | Mitigate-managed (SaaS) | Self-hosted |
|---|---|---|
| Hosting, physical security, data centre | Mitigate (AWS, eu-central-1) | Customer |
| Network security, firewalls, segmentation | Mitigate | Customer |
| Backups & disaster recovery (execution) | Mitigate | Customer |
| Encryption at rest (disk/DB) | Mitigate | Customer |
| Availability / redundancy | Mitigate | Customer |
| Application security (RBAC, SSO, audit, isolation, encryption in transit, sandbox) | Mitigate | Mitigate (software) |
| Secure development (code review, ISO 90003, vulnerability mgmt) | Mitigate | Mitigate |
| User & identity management (auth method, MFA, access reviews) | Customer (their IdP/users) | Customer |
Platform high-level architecture
The Mitigate AI Platform is a Ruby on Rails cloud application with a reactive UI (Hotwire/Inertia). Customer data is stored in PostgreSQL; the managed deployment runs on Kubernetes (Amazon EKS) in the EU (eu-central-1). Data is segmented per organization and per workspace. All communication is over TLS/HTTPS; the embedded chat channel uses JWE (JSON Web Encryption) end-to-end. The platform uses an agent architecture: a main assistant plus connector tools and optional sandboxed code execution, with RAG semantic search over the knowledge base.
Data security & privacy
- Encryption in transit: All traffic encrypted with TLS/HTTPS. Embedded chat uses JWE.
- Encryption at rest: All data is encrypted at rest (managed deployment). For self-hosted deployments, the customer's database/disk encryption applies.
- Data classification: Platform data is categorized in our Privacy Policy (account, conversation, knowledge-base, connector, AI-interaction, usage, technical data) with defined purposes. All customer-uploaded content is confidential by default and isolated per organization/workspace.
- Data residency: Mitigate-managed infrastructure is located in the EU. Self-hosting keeps all data on the customer's infrastructure. Data sent to a customer-selected LLM provider may be processed outside the EU under SCCs/adequacy safeguards (locations disclosed).
- Backup & recovery: For Mitigate-managed deployments, regular automated backups are performed, with documented backup procedures and weekly/monthly maintenance checks.
- Data retention: Configurable per organization (Admin → Data Retention Policy). Account data deleted within 30 days of closure (or after 12 months inactivity); technical logs retained up to 12 months; documents/knowledge base deleted on request or with the workspace.
- GDPR: Joint operators; processed under GDPR. Organization = data controller; Mitigate = data processor (controller only for technical data). DPAs in place with sub-processors.
- Legal documents: Privacy Policy (ai.mitigate.dev/privacy), Terms of Service (ai.mitigate.dev/terms-of-service), Cookie Policy (ai.mitigate.dev/cookie-policy).
AI & LLM security
- Model providers (configurable per workspace): OpenAI, Anthropic, Google Gemini, Mistral (EU), OpenRouter. Per our Privacy Policy, customer data submitted via these APIs is not used for model training; processing is request-scoped.
- No automated legal-effect decisions: All AI outputs are informational and require human review.
- Approval before action: Every write/action follows a pending → approved → executed flow; the assistant requires explicit user approval before executing tools.
- Attributable identity: Connectors typically authenticate as the individual user (per-user OAuth) so actions are attributable. Some connectors may use a static/service token where the connected system requires it.
- Agent / workspace isolation: Each workspace has its own knowledge, connectors, and permissions; by default one workspace's agent cannot access another's data. Admins may explicitly share a knowledge base or connector across workspaces.
- Sandbox isolation: Code execution runs in isolated containers hardened with gVisor (kernel-level sandbox preventing container escape). Optional/per-workspace.
- Cost / iteration controls: Workflows enforce max-turns limits and per-workspace rate limits; token/cost tracked per workspace/provider.
Knowledge base & document processing
- Ingests files (PDF, DOCX, XLSX, PPTX, HTML, CSV, MD) and connected sources (SharePoint, Google Drive, etc.); re-synced daily.
- RAG semantic search scoped per workspace/source; answers include source citations.
- Web fetch (optional) reads URLs shared in chat (up to 20 MB).
- Documents and indexes scoped to the owning organization/workspace.
User access control
- Authentication: SSO via OpenID Connect (Microsoft Entra ID, Google Workspace, Okta, Auth0, Keycloak) and email + password.
- MFA: MFA is provided through the organization's SSO/identity provider. The platform does not enforce MFA on email/password accounts - each customer chooses its own authentication approach (e.g. enforce SSO + MFA via their identity provider).
- Passwords: Hashed and salted (bcrypt); never stored in plain text. Minimum password length is 16 characters. Customers may enforce SSO.
- RBAC: Organization roles (owner / admin / member), workspace membership, OIDC role mapping (Entra ID). Users only access their workspace's data.
- Sessions: Secure session cookies with inactivity expiry.
Audit & monitoring
- Audit Trail: Full log of every create/update/delete across workspaces, documents, connectors, memberships, organization settings, API tokens, etc., showing who/what/when with field-level diffs; searchable and filterable; available to org owners/admins. Sensitive fields (API keys, secrets, encryption keys) are excluded.
- Run history: Every workflow/agent run is recorded (status, tasks, tools invoked, token usage) and replayable.
- Monitoring: Platform monitoring via Sentry (error logging) and Langfuse (LLM metrics).
Multi-tenant isolation
- Organization- and workspace-level logical isolation in the database; queries scoped to the authenticated user's organization/workspace.
- Per-user OAuth means connector access respects each user's own permissions in the connected system.
Secure development
- SIA Mitigate (development) is certified to ISO 9001:2015 and applies ISO/IEC/IEEE 90003:2018 software-engineering guidelines.
- Code review before delivery; engagements follow OWASP Top 10 remediation with CVE/CVSS-based SLAs (critical 7d / high 14d / medium-low 30d).
- Automated static security analysis (Brakeman) is part of the development process.
- Secrets stored as environment variables / config, never committed to source code.
Compliance & certifications
- GDPR: Aligned; EU data residency for managed deployments; configurable retention & deletion.
- ISO 9001:2015 and ISO/IEC/IEEE 90003:2018 - held/applied by SIA Mitigate (development).
- Security audits & training: Regular security audits and employee training (per Privacy Policy). An independent penetration test is planned for Q4 2026 (October/November).
- ISO 27001 / SOC: Mitigate does not hold ISO 27001/SOC. Managed infrastructure runs on AWS (eu-central-1); AWS data centres are accredited under ISO 27001, SOC 1/2 and PCI (provider certifications).
Sub-processors
Per our Privacy Policy: LLM providers (per-workspace selection), EU-based cloud infrastructure (hosting/storage), Langfuse (LLM metrics), Sentry (error logging), plus any external services the customer connects. DPAs are in place with sub-processors.
Contact
Security & data: datuapstrade@mitigate.dev · General: ai@mitigate.dev · +371 26698779