Security & Compliance

Predictura blends High Performance Computing (HPC) with Generative AI and built-in governance. From day one, we designed the platform to cut run-times from hours to minutes without compromising privacy, compliance, or auditability. It runs in the cloud (default EU region) with an on-prem option.

Our Principles

  • Privacy by design — data minimisation, log redaction, controlled telemetry.

  • Security by default — encryption in transit & at rest, least-privilege roles, safe defaults.

  • Audit & reproducibility — every result has a trace: data + parameters + user + timestamp.

  • Shared responsibility — clear split between Predictura (platform) and the Customer (content & access).

Architecture & Hosting

  • SaaS (EU) — isolated customer environments, VPC, optional dedicated region.

  • On-prem (Docker/K8s) — full data and network control on your side.

  • Ephemeral compute — compute nodes are created per run and torn down afterwards, reducing the attack surface.

Encryption & Key Management

  • In transit: TLS 1.2+ (HTTPS).

  • At rest: disk-level encryption (e.g., AES-256).

  • Keys: cloud KMS by default; optional customer-managed keys (CMK) on request/roadmap.

Identity & Access

  • RBAC with least-privilege roles.

  • SSO (SAML/OIDC) integration with your IdP; MFA enforced at IdP.

  • Activity logging — clear, exportable access/change logs.

Data & Privacy (GDPR)

  • Data residency: EU by default; other regions by agreement.

  • DPA with customers and, where applicable, SCC with subprocessors.

  • Data subject rights: DSAR support (access, rectification, erasure), configurable retention.

  • No model training on your data — unless explicitly and separately agreed.

Audit & Governance

  • Audit trail per run: data version, parameters, user, timestamp.

  • Versioning of models and configurations; compare Base vs V1/V2….

  • Explainability (XAI): parameters and rationale are visible in reports.

  • Export logs/metadata to your systems (SIEM/GRC) on request.

Business Continuity & Retention

  • Backups with regular restore testing.

  • RPO/RTO tuned to your requirements (SaaS/on-prem).

  • Retention policy — defined storage windows; automatic purge after expiry.

Compliance & Certifications

  • Today: RBAC, logging, encryption, DPA/SCC, EU data residency.

  • Roadmap: Solvency II alignment (process), ISO 27001/27701, enhanced backup/retention policy, CMK by default.

  • Related regulations: readiness for EU AI Act, DORA, NIS2 in transparency and accountability domains.

Subprocessors & Data Transfers

  • We work with vetted subprocessors (list available on request).

  • Contracts cover security obligations, confidentiality, GDPR, and—where applicable—SCC.

Compute Security (HPC + AI)

  • Job isolation and resource controls; no cross-tenant memory sharing.

  • APS (compute usage): billed by consumption units, avoiding unnecessary result data retention.

  • Security testing: image scanning, patching, environment hardening.