Security & Compliance
Built to be trusted.
Security is not a feature we added — it is a requirement we designed around. Every system Parallax Horizon ships is built with data protection, access control, and operational transparency as first-class concerns.
Security Principles
Privacy by design
Data minimization and purpose limitation are built into our systems from the start — not added as controls after the fact.
Least privilege access
Every component, service, and team member accesses only what is necessary to perform its function. Access is time-limited and logged.
Defense in depth
We layer controls across the network, application, and data tiers. No single failure exposes customer data or disrupts service.
Transparent operations
We maintain audit trails for all significant system and administrative actions. Customers can request records relevant to their tenancy.
Data Handling
How we handle your data.
Data in transit
TLS 1.2+ enforced on all connections. Certificates managed and rotated automatically.
Data at rest
AES-256 encryption for all stored customer data. Keys managed per-tenant with rotation schedules.
Prompt & output data
Customer prompts and model outputs are not used to train our models by default. Enterprise customers may opt into managed fine-tuning pipelines under separate data agreements.
Data residency
Enterprise customers may specify geographic regions for data processing and storage to meet jurisdictional requirements.
Retention & deletion
Conversation and operational data is retained for the minimum period required. Customers may request deletion at any time.
Third-party subprocessors
We maintain a current list of subprocessors. All subprocessors are contractually bound to equivalent data protection standards.
Enterprise Controls
Controls built for enterprise requirements.
Identity & Access
- SSO via SAML 2.0 and OIDC
- Role-based access control (RBAC)
- Multi-factor authentication enforcement
- Session timeout and revocation
- API key scoping and rotation
Monitoring & Audit
- Immutable audit logs for all admin actions
- Real-time anomaly detection
- Usage dashboards and alerting
- Exportable logs in SIEM-compatible formats
- Incident notification within 72 hours
Network & Infrastructure
- Private deployment options for enterprise
- VPC peering and private endpoints
- DDoS mitigation at the network edge
- Penetration testing on a scheduled cadence
- Vulnerability management program
Compliance & Governance
- SOC 2 Type II (in progress)
- GDPR-ready data processing agreements
- CCPA compliance for California residents
- Configurable data retention policies
- Employee security training and background checks
Responsible AI
Safety is part of the product, not a disclaimer.
Output filtering
All production models operate behind output classifiers that detect and block harmful, deceptive, or policy-violating content before it reaches end users.
Usage policies
Customers agree to Acceptable Use Policies at onboarding. Automated monitoring and manual review detect policy violations. Repeated violations result in account suspension.
Red teaming
We conduct internal adversarial testing on models before deployment and engage external researchers through our vulnerability disclosure program.
Human oversight
Autonomous agents built on our platform are designed with configurable human-in-the-loop checkpoints. High-stakes actions can be gated on human approval.
Vulnerability Disclosure
Responsible disclosure program.
We welcome reports from security researchers who identify vulnerabilities in our systems or models. We commit to acknowledging all valid reports within 5 business days and resolving critical issues within 30 days.
We do not pursue legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure practices.
In scope
- Authentication and authorization flaws
- Data exposure or leakage
- Prompt injection and model jailbreaking
- API security vulnerabilities
- Privilege escalation
Report a vulnerability
security@parallaxhorizon.com
Questions
Enterprise customers and prospects with specific compliance or security requirements should contact our team directly.