1. Security Governance & Control Framework
Control framework
- Duvo is SOC 2 Type II certified
- Controls aligned with SOC 2 Trust Services Criteria (Security, Availability, Confidentiality)
- Duvo maintains strict controls around data security, availability, and confidentiality
Risk & oversight
- Security and risk reviewed at executive level on a regular cadence.
- Annual formal risk assessment with documented treatment plans and remediation tracking.
Policies & compliance
- Core policies (Information Security, Access Control, Vendor Risk, Data Protection & Privacy, Incident Response, Acceptable Use) reviewed at least annually.
- All Duvo employees complete mandatory security and privacy awareness programs at onboarding and annually thereafter.
2. Infrastructure & Platform Security
Hosting & network
- Hosted on leading cloud providers with hardened configurations and network segmentation.
- Full disclosure of subprocessors available upon request.
Identity, access & MFA
- All access to production systems is authenticated, role-based, and enforced with MFA and least-privilege.
Encryption & key management
- In transit: TLS 1.2+ for all external and internal service communications.
- At rest: Industry-standard encryption (e.g., AES-256) for databases, storage, and backups.
- Keys managed via cloud-native KMS, with access controls and rotation policies.
Endpoint & device security
- Company endpoints use full-disk encryption
Monitoring, availability & incident response
- Centralized logging and monitoring of infrastructure, application health, and security-relevant events.
- Redundant, multi-AZ architecture designed to minimize downtime.
- Documented incident response plan, on-call rotation, and post-incident review process.
Vulnerability management
- Regular automated scanning of infrastructure and applications.
- Patch management and remediation timelines driven by risk severity.
3. Application, Assignment & Browser Security
Authentication, SSO & RBAC
- Unique accounts for all users
- Fine-grained RBAC across:
- Human roles (admins, managers, users).
- Assignments themselves (which systems, environments, and actions an assignment can perform).
- Assignments can only access systems that are within security scope of users using the assignments to perform processes
Tenant isolation
- Logical segregation of customers at the application and data layers.
- Cross-tenant access is technically prevented; multi-tenant components enforce tenant scoping in all queries.
Secure SDLC & environments
- All production changes are peer-reviewed and tracked in version control.
- Automated and manual testing (including regression and security checks) before deployment.
- Strict separation of dev / staging / production; production data is not used in lower environments.
Automation & Duvo “Enterprise Browser”
- UI automation runs in ephemeral remote browser sandboxes, not on end-user devices.
- Browsing sessions are isolated per task, local storage is not shared between customers.
- Logins for target systems (e.g., internal portals) are stored in hardened secret stores and scoped to specific assignments/workflows.
Human-in-the-loop & approvals
- Assignments can be configured to request explicit human approval for high-risk actions (e.g., changes in internal systems, sending external emails).
- All approvals, rejections, and resulting actions are fully logged.
Auditability
- Comprehensive audit trails for assignment jobs, configuration changes, access changes, and approvals.
4. Data Protection & Privacy
Data classification & lifecycle
- Retention and deletion policies for logs, configuration, and content aligned with contractual and regulatory obligations.
Access to customer data
- Role-based, need-to-know access to production data; approvals and access are time-bound wherever possible.
- All privileged access is logged and regularly reviewed (at least quarterly access reviews).
Privacy & regulatory alignment
- Program aligned with GDPR principles, support for data subject rights (access, deletion, rectification) through defined processes.
- Public Privacy Policy, DPAs, and list of sub-processors available on request.
Deletion & anonymization
- Capabilities to delete or render data unusable on request, including end-user content and workspace data, subject to legal and backup constraints.
5. Use of AI / LLM Providers (Anthropic ZDR & Others)
Anthropic as primary AI provider
- Duvo integrates Anthropic’s Claude models as a core reasoning engine under enterprise commercial terms.
Zero Data Retention (ZDR)
- All Anthropic API calls from Duvo are made in Zero Data Retention mode:
- Prompts and outputs are not used for model training,
- Not retained beyond transient processing by Anthropic.
- Duvo does not use Anthropic’s consumer interfaces (e.g., free/pro web UI) for customer workloads.
Data minimization & protection with LLMs
- Only the minimal context required to perform a task is sent to the model.
Other model providers / BYO endpoints
- Support for other enterprise LLM APIs and customer-hosted model endpoints.
- You can constrain the platform to specific providers, regions, or endpoints that satisfy your data residency and compliance requirements.
Vendor risk management
- Critical sub-processors (LLM providers, cloud, browser sandboxing, observability) undergo security and privacy review.
- DPAs and data-handling terms are in place, with clear limits on data use and confidentiality obligations.