Parallax Horizon

Security & Compliance

Built to be trusted.

Security is not a feature we added — it is a requirement we designed around. Every system Parallax Horizon ships is built with data protection, access control, and operational transparency as first-class concerns.

Security Principles

01

Privacy by design

Data minimization and purpose limitation are built into our systems from the start — not added as controls after the fact.

02

Least privilege access

Every component, service, and team member accesses only what is necessary to perform its function. Access is time-limited and logged.

03

Defense in depth

We layer controls across the network, application, and data tiers. No single failure exposes customer data or disrupts service.

04

Transparent operations

We maintain audit trails for all significant system and administrative actions. Customers can request records relevant to their tenancy.

Data Handling

How we handle your data.

Data in transit

TLS 1.2+ enforced on all connections. Certificates managed and rotated automatically.

Data at rest

AES-256 encryption for all stored customer data. Keys managed per-tenant with rotation schedules.

Prompt & output data

Customer prompts and model outputs are not used to train our models by default. Enterprise customers may opt into managed fine-tuning pipelines under separate data agreements.

Data residency

Enterprise customers may specify geographic regions for data processing and storage to meet jurisdictional requirements.

Retention & deletion

Conversation and operational data is retained for the minimum period required. Customers may request deletion at any time.

Third-party subprocessors

We maintain a current list of subprocessors. All subprocessors are contractually bound to equivalent data protection standards.

Enterprise Controls

Controls built for enterprise requirements.

Identity & Access

  • SSO via SAML 2.0 and OIDC
  • Role-based access control (RBAC)
  • Multi-factor authentication enforcement
  • Session timeout and revocation
  • API key scoping and rotation

Monitoring & Audit

  • Immutable audit logs for all admin actions
  • Real-time anomaly detection
  • Usage dashboards and alerting
  • Exportable logs in SIEM-compatible formats
  • Incident notification within 72 hours

Network & Infrastructure

  • Private deployment options for enterprise
  • VPC peering and private endpoints
  • DDoS mitigation at the network edge
  • Penetration testing on a scheduled cadence
  • Vulnerability management program

Compliance & Governance

  • SOC 2 Type II (in progress)
  • GDPR-ready data processing agreements
  • CCPA compliance for California residents
  • Configurable data retention policies
  • Employee security training and background checks

Responsible AI

Safety is part of the product, not a disclaimer.

Output filtering

All production models operate behind output classifiers that detect and block harmful, deceptive, or policy-violating content before it reaches end users.

Usage policies

Customers agree to Acceptable Use Policies at onboarding. Automated monitoring and manual review detect policy violations. Repeated violations result in account suspension.

Red teaming

We conduct internal adversarial testing on models before deployment and engage external researchers through our vulnerability disclosure program.

Human oversight

Autonomous agents built on our platform are designed with configurable human-in-the-loop checkpoints. High-stakes actions can be gated on human approval.

Vulnerability Disclosure

Responsible disclosure program.

We welcome reports from security researchers who identify vulnerabilities in our systems or models. We commit to acknowledging all valid reports within 5 business days and resolving critical issues within 30 days.

We do not pursue legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure practices.

In scope

  • Authentication and authorization flaws
  • Data exposure or leakage
  • Prompt injection and model jailbreaking
  • API security vulnerabilities
  • Privilege escalation

Report a vulnerability

security@parallaxhorizon.com

Questions

Enterprise customers and prospects with specific compliance or security requirements should contact our team directly.
