Security and privacy

We integrate security and privacy by design from project planning, with specific requirements evaluated based on scope and risk.

We aim to collect and process only information necessary for the agreed purpose.

We limit access to data and systems based on project roles and needs, subject to applicable contractual agreements.

Projects may be deployed on client infrastructure or selected cloud infrastructure depending on each project's technical, security and contractual requirements.

When possible, we prioritize client-controlled environments for project data processing.

We evaluate providers based on project needs. Applicable providers are documented where appropriate in proposals, contracts or DPAs.

View website providers in our Privacy Notice

We maintain processes to identify, contain, investigate and communicate security incidents in accordance with applicable contractual obligations.

Agents may include evaluations, monitoring, alerts and human review to identify quality degradation or unexpected behavior, as agreed in scope.

For security requests, write to support@3alphaia.com.

Projects requiring security questionnaires, NDAs, DPAs, security annexes, architecture review or regulatory requirements are evaluated individually before corresponding data processing begins.

We do not claim specific compliance certifications, reports or validations such as SOC 2, HIPAA or ISO 27001 unless expressly stated in writing in applicable official documentation.