Trust Center

Security and review information for enterprise teams

Transparent security practices, data handling policies, and compliance information for security, procurement, and governance reviews.

Trust Center overview

This Trust Center provides comprehensive security and compliance information for enterprise security reviews, vendor assessments, and governance workflows.

Security Practices

Our security approach is designed for enterprise review workflows with documented practices and evidence generation.

  • Structured security assessment methodology
  • Evidence-linked findings and audit trails
  • Framework-aligned compliance mappings

Data Handling

Transparent data handling policies with clear retention periods and access controls.

  • Configurable retention periods with manual deletion
  • Two-tier access control (staff and client-scoped)
  • Secure data processing and storage

Encryption & Controls

Industry-standard encryption and access controls for data protection.

  • End-to-end encryption for data in transit
  • Encryption at rest with managed keys
  • Session-based authentication

Deployment Model

Cloud-native deployment with security-first architecture and monitoring.

  • Managed cloud infrastructure deployment
  • Continuous security monitoring
  • Regular security assessments

Security overview

Security Assessment Capabilities

Veraclue provides structured security assessment capabilities for LLMs and AI agents with evidence-linked findings for enterprise review workflows.

Prompt Attacks

Systematic testing for injection attacks and prompt manipulation vulnerabilities.

Coverage includes:
  • Direct prompt injection testing
  • Indirect injection scenarios
  • Context manipulation testing

Jailbreak & Policy Bypass

Detection of attempts to bypass safety controls and policy enforcement mechanisms.

Testing includes:
  • Safety control bypass attempts
  • Policy circumvention testing
  • Content restriction evasion

Data Leakage

Assessment of sensitive information exposure risks and data leakage vulnerabilities.

Evaluation covers:
  • Training data exposure risks
  • System prompt disclosure
  • Context leakage scenarios

Data handling and retention

Data Management Policies

We implement transparent data handling practices with clear retention periods and access controls for enterprise compliance requirements.

Data Classification

All data is classified according to sensitivity and handled according to appropriate security controls.

Assessment data: Standard retention periods
Evidence packages: Extended retention for review
System logs: Defined retention periods

Data Processing

All data processing follows documented procedures with audit trails and compliance monitoring.

Documented processing procedures
Complete audit trail maintenance
Compliance monitoring systems

Data Retention

Data retention periods are configurable. Deletion is currently performed manually through the application interface.

Configurable retention periods
Customer data export options
Manual deletion capabilities

Data Subject Rights

Support for data subject access requests, corrections, and deletion in accordance with applicable regulations.

Data access request processing
Data correction capabilities
Right to be forgotten support

Encryption and access controls

Security Controls Implementation

Industry-standard encryption and access controls implemented across all system components and data flows.

Encryption Standards

Comprehensive encryption implementation for data protection across all states.

Data in Transit: TLS 1.2+
Data at Rest: Cloud-managed encryption
Key Management: Managed KMS

Application-level encryption applied to stored API credentials and secrets. Infrastructure-level disk encryption covers all stored data.

Network Security

Network-level security controls and monitoring for threat prevention.

Firewall and network segmentation
DDoS protection and monitoring
Intrusion detection systems

Access Control

Two-tier access control with session-based authentication.

Two-tier access control (staff and client-scoped users)
Password-based authentication with session management (MFA planned)
Session timeout policies
Least privilege principle

Application Security

Application-level security controls and secure development practices.

Secure coding practices
Regular security testing
Dependency vulnerability scanning

Deployment and environment model

Cloud Infrastructure Deployment

Veraclue operates on managed cloud infrastructure with security-first architecture and comprehensive monitoring.

Infrastructure Model

Managed cloud deployment with enterprise-grade security controls and monitoring.

Managed cloud infrastructure
Multi-region deployment
Automated scaling and failover

Monitoring & Logging

Comprehensive monitoring and logging for security operations and compliance.

Continuous security monitoring
Centralized log management
Security alerting systems

Security Operations

Ongoing security operations and incident response capabilities.

Regular security assessments
Incident response procedures
Security team availability

Backup & Recovery

Comprehensive backup and disaster recovery capabilities.

Automated backup systems
Geographic redundancy
Recovery time objectives

Methodology and safe testing practices

Veraclue Assessment Methodology

Our structured methodology ensures repeatable, evidence-linked security assessments for LLMs and AI agents.

Structured Testing

Repeatable evaluation scenarios with defined parameters and evidence collection.

Defined test parameters
Consistent execution protocols
Evidence collection procedures

Findings Classification

Structured categorization and scoring with confidence assessment.

Risk category assignment
Severity scoring methodology
Confidence level assessment

Evidence Generation

Complete audit trails and evidence packages for review workflows.

Complete audit trails
Evidence-linked findings
Framework mapping outputs

Re-test Validation

Consistent re-testing methodology for remediation validation.

Pre/post remediation testing
Delta analysis reporting
Progress tracking over time

Compliance and assurance status

Current Compliance Status

Transparent compliance status and framework alignment information for enterprise review workflows.

Framework Alignment

Our methodology and evidence generation support alignment with major enterprise compliance frameworks. Certification status varies by framework.

SOC 2 Type II

Service Organization Control 2

Framework Alignment:
  • CC6.1 - Security Operations
  • CC7.1 - System Operations
  • A1.1 - Security Requirements

NIST AI RMF

AI Risk Management Framework

Framework Alignment:
  • RM-1 - Risk Assessment
  • RM-2 - Risk Treatment
  • GA-4 - Risk Assessment

ISO 27001

Information Security Management

Framework Alignment:
  • A.12 - Operations Security
  • A.14 - System Security
  • A.18 - Compliance

Assurance Activities

Regular security assessments and assurance activities to maintain security posture.

Regular security assessments
Third-party security reviews
Penetration testing programs
Vulnerability management
Security training programs
Incident response testing

Vulnerability disclosure

Responsible Disclosure Policy

We welcome responsible security research and vulnerability disclosures from the security community.

Reporting Process

Report security vulnerabilities through our secure disclosure channel.

security@veraclue.com
Encrypted communication preferred
Response within 3 business days

What to Include

Provide detailed information to help us understand and reproduce the issue.

Detailed vulnerability description
Steps to reproduce
Potential impact assessment

Our Commitment

We commit to responsible handling of vulnerability reports.

Prompt acknowledgment
Regular status updates
Coordination on disclosure timing

Recognition Program

We recognize and appreciate responsible security research contributions.

Security researcher recognition
Hall of Fame acknowledgment
Coordination on public disclosure

Frequently asked review questions

Q: What security assessments does Veraclue perform?

Veraclue performs structured security assessments of LLMs and AI agents, including prompt injection testing, jailbreak detection, and data leakage assessment. Additional categories including fairness analysis, privacy compliance, and transparency checks are also available. All assessments produce evidence-linked findings with complete audit trails.

Q: How is customer data handled and protected?

Customer data is handled according to documented data handling policies with defined retention periods. All data is encrypted in transit using TLS 1.2+ and at rest using cloud-managed disk encryption, with application-level encryption for stored API credentials. Access is controlled through a two-tier access model (staff and client-scoped users) with session-based authentication.

Q: What compliance frameworks does Veraclue support?

Veraclue's methodology and evidence generation support alignment with SOC 2 Type II, NIST AI RMF, and ISO 27001 frameworks. Our findings and evidence packages include direct mapping to relevant controls and requirements for enterprise compliance workflows.

Q: How can security teams review Veraclue's practices?

Security teams can review our comprehensive methodology documentation, sample evidence packs, and detailed security practices through this Trust Center. Additional documentation and security review support are available through our security team at security@veraclue.com.

Q: What is Veraclue's vulnerability disclosure process?

We welcome responsible security research and vulnerability disclosures. Reports should be sent to security@veraclue.com with detailed vulnerability descriptions and reproduction steps. We commit to prompt acknowledgment, regular status updates, and coordination on disclosure timing.

Q: How does Veraclue ensure assessment reproducibility?

Our methodology includes deterministic testing protocols, fixed random seeds, consistent model configuration parameters, and controlled environment states. Multiple test iterations and statistical confidence testing ensure reproducible findings across assessment runs.

Contact for review

Security Review Support

Our security team is available to support enterprise security reviews, answer questions, and provide additional documentation.

Security Team

For security reviews, vulnerability reports, and security questions.

Response Time: Within 3 business days

Procurement Support

For vendor assessment questionnaires and procurement workflows.

Response Time: Within 3 business days

Available Documentation

Additional security documentation available upon request.

Detailed security controls documentation
Vendor assessment questionnaire responses
Compliance framework mappings
Incident response procedures

Review Process

Streamlined process for security reviews and assessments.

Step 1: Review Trust Center documentation
Step 2: Request additional documentation
Step 3: Schedule security team consultation
Step 4: Complete assessment and approval

Ready for your security review?

Start your enterprise security assessment

Contact our security team to begin your review process or request additional documentation for your enterprise assessment.