Back to Home

Security Policy

Last Updated: 22nd December 2025

At AhmadAI, security is fundamental to everything we do. This Security Policy outlines our comprehensive approach to protecting your data, our systems, and our services.

1. Security Commitment

AhmadAI is committed to:

  • Protecting the confidentiality, integrity, and availability of all data
  • Implementing industry-leading security practices
  • Continuously improving our security posture
  • Complying with applicable security standards and regulations

2. Encryption

We implement comprehensive encryption:

  • Data in Transit: TLS 1.3 for all communications
  • Data at Rest: AES-256 encryption for stored data
  • Key Management: Hardware security modules (HSMs) for key storage
  • Database Encryption: Transparent data encryption for databases

3. Infrastructure Security

Our infrastructure is protected by:

  • SOC 2 Type II certified data centers
  • Multi-layer firewalls and network segmentation
  • DDoS protection and mitigation
  • Intrusion detection and prevention systems (IDS/IPS)
  • Web application firewalls (WAF)

4. Access Control

We enforce strict access controls:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required for all staff
  • Principle of least privilege
  • Regular access reviews and audits
  • Privileged access management (PAM)

5. Monitoring & Detection

Continuous security monitoring includes:

  • 24/7 Security Operations Center (SOC)
  • Real-time threat detection and alerting
  • Security Information and Event Management (SIEM)
  • Anomaly detection using machine learning
  • Comprehensive audit logging

6. Personnel Security

Our personnel security measures include:

  • Background checks for all employees
  • Mandatory security awareness training
  • Confidentiality agreements
  • Regular phishing simulations
  • Secure offboarding procedures

7. Incident Response

Our incident response program includes:

  • Documented incident response procedures
  • Dedicated incident response team
  • Regular tabletop exercises
  • Post-incident analysis and remediation
  • Customer notification within required timeframes

8. Security Testing

We conduct regular security assessments:

  • Annual third-party penetration testing
  • Continuous vulnerability scanning
  • Secure code review and static analysis
  • Bug bounty program for responsible disclosure

9. Policy Updates

This Security Policy is reviewed and updated regularly to address new threats, technologies, and regulatory requirements.

10. Report a Vulnerability

To report security vulnerabilities responsibly:

security@ahmadai.ai
Return to Homepage