Enterprise Security Review

Documentation for procurement, security, and compliance teams evaluating RADAR. Covers architecture, certifications, data handling, and standard security questionnaire responses.

Security architecture

RADAR is designed with a zero-trust architecture. No cloud dependencies, no shared infrastructure, no telemetry egress. Every component runs inside your security boundary.

  • Deployment model: Single-tenant, self-hosted. No shared infrastructure. Each customer deploys in their own VPC, on-prem, or air-gapped network.

  • Data boundary: All evidence data stays inside customer infrastructure. No cloud egress, no telemetry, no third-party data processing.

  • Network isolation: No inbound connections required from the internet. In air-gapped mode, zero outbound connections required.

  • Encryption: Fernet encryption at rest (AES-128-CBC + HMAC). TLS is planned for a future release. Keys managed via env var, KMS, or secrets manager.

Certifications

  • SOC 2 Type II: Meets trust services criteria for security, availability, confidentiality. Annual audit. Report under NDA.

  • GDPR: DPA available. Evidence retention, deletion, and export controls support data subject rights.

  • EU AI Act: Evidence mappings for Articles 12–16, 29, and 55. See EU AI Act Evidence page.

  • HIPAA: BAA available. Audit, access, and integrity controls for ePHI (164.312).

Data Processing Agreement

Because RADAR is self-hosted, the customer is the data processor. AKIOUD AI has no access to customer data, evidence, or configuration. No sub-processors. No cross-border data transfer. Full deletion with cryptographic purge attestation available. Contact sales for the complete security review package.

Security questionnaire

  • Data encryption at rest? Yes. Fernet (AES-128-CBC + HMAC-SHA256).
  • Multi-tenant? No. Single-tenant, self-hosted per customer.
  • Cloud dependencies? None. Zero cloud egress for core functionality.
  • SOC 2 Type II? Yes. Annual audit. Report under NDA.
  • SSO / Identity? Yes. OIDC and SAML 2.0.
  • Audit logging? Yes. All admin actions, access, config changes, deletions logged.
  • Penetration testing? Annual third-party test. Results to qualified buyers.
  • Incident response? 24-hour notification commitment.
  • Vulnerability management? Continuous scanning. CVEs remediated within SLAs.
