Enterprise Security Review
Documentation for procurement, security, and compliance teams evaluating RADAR. Covers architecture, certifications, data handling, and standard security questionnaire responses.
Security architecture
RADAR is designed with a zero-trust architecture. No cloud dependencies, no shared infrastructure, no telemetry egress. Every component runs inside your security boundary.
- Deployment model: Single-tenant, self-hosted. No shared infrastructure. Each customer deploys in their own VPC, on-prem, or air-gapped network.
- Data boundary: All evidence data stays inside customer infrastructure. No cloud egress, no telemetry, no third-party data processing.
- Network isolation: No inbound connections required from the internet. In air-gapped mode, zero outbound connections required.
- Encryption: Fernet encryption at rest (AES-128-CBC + HMAC). TLS is planned for a future release. Keys managed via env var, KMS, or secrets manager.
Certifications
- SOC 2 Type II: Meets trust services criteria for security, availability, confidentiality. Annual audit. Report under NDA.
- GDPR: DPA available. Evidence retention, deletion, and export controls support data subject rights.
- EU AI Act: Evidence mappings for Articles 12–16, 29, and 55. See EU AI Act Evidence page.
- HIPAA: BAA available. Audit, access, and integrity controls for ePHI (164.312).
Data Processing Agreement
Because RADAR is self-hosted, the customer is the data processor. AKIOUD AI has no access to customer data, evidence, or configuration. No sub-processors. No cross-border data transfer. Full deletion with cryptographic purge attestation available. Contact sales for the complete security review package.
Security questionnaire
- Data encryption at rest? Yes. Fernet (AES-128-CBC + HMAC-SHA256).
- Multi-tenant? No. Single-tenant, self-hosted per customer.
- Cloud dependencies? None. Zero cloud egress for core functionality.
- SOC 2 Type II? Yes. Annual audit. Report under NDA.
- SSO / Identity? Yes. OIDC and SAML 2.0.
- Audit logging? Yes. All admin actions, access, config changes, deletions logged.
- Penetration testing? Annual third-party test. Results to qualified buyers.
- Incident response? 24-hour notification commitment.
- Vulnerability management? Continuous scanning. CVEs remediated within SLAs.