Security

Security built for enterprise AI.Edrak is designed to help organizations use AI in a controlled environment, with security measures that support confidentiality, integrity, and operational oversight. From access controls and encryption to workspace isolation and governed integrations, security is built into the platform design.
Security at a glance
Encryption by defaultEdrak applies encryption in transit and at rest to help protect customer data throughout the service lifecycle.
Controlled accessAccess to the platform is governed through role-based controls, with administrative tools to manage users, permissions, and workspace activity.
Workspace isolationCustomer environments are logically separated to support data segregation and reduce the risk of cross-customer exposure.
Secure integrationsEdrak connects to supported AI providers through controlled API-based integrations designed for enterprise use.
Monitoring and responseEdrak maintains logging, monitoring, and incident response processes designed to detect, investigate, and address security events.
Our security approachSecurity is built into how Edrak is designed, operated, and supported.Edrak acts as the controlled layer between your organization and supported AI models. That architecture helps organizations centralize access, apply governance, and reduce unmanaged usage across teams.Our approach focuses on a few core principles:
Protect customer dataUse technical and organizational safeguards designed to protect against unauthorized access, use, disclosure, alteration, or destruction.
Limit accessRestrict access to systems and data based on business need, defined roles, and managed permissions.
Support visibilityProvide organizations with the tools to monitor usage, manage users, and maintain oversight of AI adoption.
Design for enterprise operationSupport business customers with contract-backed security commitments, subprocessor controls, and a documented approach to incident handling.
Security controlsEdrak maintains commercially reasonable administrative, technical, and physical safeguards designed to protect customer data.Security measures may include:
  • Encryption in transit
  • Encryption at rest
  • Role-based access controls
  • Workspace-level segregation
  • Logging and monitoring
  • Secure API communications with supported providers
  • Access restrictions based on business need
  • Administrative visibility into workspace activity
  • SSO support where offered
  • Written controls for subprocessors handling customer data on Edrak's behalf
Access managementControlling access is a core part of platform security.Edrak supports structured access management through:
  • User and workspace administration
  • Role-based permissions
  • Managed provisioning and removal of users
  • Centralized oversight of who can access the platform
  • Enterprise authentication options where available
Organizations remain responsible for managing their own internal access policies, approval workflows, and user behavior inside their environment.Infrastructure and data protectionEdrak is designed to help customers use AI without giving up control over how business data is handled.That includes:
  • Encryption protections for data in transit and at rest
  • Controlled transmission of data to supported third-party model providers only to deliver requested functionality
  • Workspace-level isolation between organizations
  • Safeguards intended to reduce unauthorized access and misuse
  • Data handling limited to what is needed to provide, secure, support, and administer the service
Edrak does not use customer data or outputs to train or fine-tune Edrak models or third-party AI models.Secure provider integrationsEdrak supports access to selected third-party AI providers through one governed platform.When a customer uses those integrations:
  • Edrak acts as the intermediary service layer
  • Requests are routed through a controlled enterprise environment
  • Data is transmitted only as needed to generate the requested response
  • Providers remain subject to their own service and technical limitations
  • Edrak seeks contractual protections appropriate to the service design
This model helps organizations centralize control even when multiple AI providers are in use.Monitoring and incident responseEdrak maintains processes designed to support security monitoring and incident response.This includes:
  • Logging and monitoring for platform integrity
  • Investigation of suspected misuse or security events
  • Internal escalation and remediation processes
  • Notification to affected customers without undue delay after confirmation of a security incident affecting customer data processed by Edrak, based on the information reasonably available at the time
Security is an operational discipline. Edrak's goal is to respond quickly, communicate clearly, and reduce impact where issues arise.Subprocessors and vendor controlsEdrak may use subprocessors where needed to operate and support the service.Where subprocessors are used:
  • They are engaged for legitimate service delivery purposes
  • Edrak remains responsible for their performance under its customer commitments
  • Appropriate written obligations are imposed relating to confidentiality, security, and data protection
  • Subprocessor information may be made available through customer documentation channels
Data residency and hostingUnless otherwise agreed, Edrak's default hosting position is Saudi Arabia, subject to operational availability.Alternative hosting options, including other regions, may be available depending on customer requirements, applicable law, and service configuration.Organizations with specific residency, transfer, or localization requirements should contact Edrak to discuss available options.Customer responsibilitiesSecurity is a shared effort.Customers are responsible for:
  • Managing their internal access policies
  • Ensuring that users are authorized to access the platform
  • Reviewing outputs before relying on them in legal, regulatory, financial, operational, or other high-impact contexts
  • Ensuring their own use of the platform complies with applicable laws, regulations, and internal policies
  • Promptly notifying Edrak of suspected unauthorized access or misuse
Documentation and enterprise reviewFor customers with advanced review requirements, Edrak may make security documentation available under appropriate confidentiality controls.Available materials may include:
  • Security overview documents
  • Contractual security commitments
  • Data processing terms
  • Subprocessor information
  • Responses to reasonable enterprise diligence requests
ContactFor security questions or enterprise diligence requests:Security: security@edrak.com