
Security & Compliance

Last updated: April 16, 2026 — v2026.31

Our Security Commitment

At BrainPredict, security is our top priority. We implement industry-leading security measures to protect your data across all 20 platforms and 560 AI models. Our zero-knowledge architecture ensures that your business data never leaves your premises.

Platforms Protected:

Commerce (20), Supply (22), People (27), Sales (26), Marketing (26), Legal (31), Risk (25), Finance (35), Innovation (28), Controlling (32), Communications (30), Data (29), Strategy (28), Sourcing (26), Operations (32), Customer (28), Cyber (18), BrainPredict Club (28), BrainPredict Automation (28), BrainPredict Smart City (35)

Latest Cybersecurity Audit Results

Grade A+ (100%): Perfect Security Score, Server Clean

Latest Audit: December 9, 2025 (08:47 UTC)

  • Malware Found: 0
  • C2 Connections: 0
  • Failed Logins Today: 0
  • Services Online: 100%

Server fully secured. Zero malware processes, no unauthorized connections, all security services active, no persistence mechanisms detected.

Active Protection Systems

  • Security Fortress v6.0: continuous malware scanning every 60 seconds
  • UFW Firewall: IP whitelist enabled, default deny policy
  • Fail2ban: auto-bans a source IP after 3 failed SSH attempts (24h ban)
  • ClamAV Antivirus: real-time malware detection and removal
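The Fail2ban rule above, replayed over constructed sshd log lines as an added example (this is illustration code, not BrainPredict's tooling or fail2ban's own implementation). maxretry = 3 and the 24-hour ban are the values the page states; the 10-minute findtime window is an assumption taken from fail2ban's default, and the year 2025 is supplied because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Tuple, Union

# Jail parameters. maxretry and bantime follow the page; findtime is assumed
# (fail2ban's default). The equivalent jail.local fragment would be:
#   [sshd]
#   enabled  = true
#   maxretry = 3
#   findtime = 10m
#   bantime  = 24h
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(hours=24)
LOG_YEAR = 2025  # syslog lines carry no year; the constructed sample is from Dec 2025

# The sshd failure lines fail2ban's stock sshd filter counts against a host.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample auth.log excerpt (RFC 5737 documentation addresses).
SAMPLE_AUTH_LOG: List[str] = """\
Dec  9 08:45:01 srv1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Dec  9 08:45:03 srv1 sshd[2103]: Failed password for root from 203.0.113.7 port 51236 ssh2
Dec  9 08:45:04 srv1 sshd[2105]: Accepted publickey for deploy from 198.51.100.5 port 40022 ssh2
Dec  9 08:45:05 srv1 sshd[2107]: Failed password for root from 203.0.113.7 port 51238 ssh2
Dec  9 08:50:00 srv1 sshd[2109]: Failed password for root from 198.51.100.9 port 40100 ssh2
Dec  9 09:10:00 srv1 sshd[2111]: Failed password for root from 198.51.100.9 port 40101 ssh2
Dec  9 09:31:00 srv1 sshd[2113]: Failed password for root from 198.51.100.9 port 40102 ssh2
""".splitlines()


def parse_failure(line: str) -> Optional[Tuple[datetime, str]]:
    """Return (timestamp, source ip) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return ts, m.group("ip")


def replay(lines: Iterable[str]) -> Dict[str, datetime]:
    """Replay log lines in order; return {ip: ban expiry} for every source that
    reached MAXRETRY failures inside a FINDTIME window. Lines from a currently
    banned IP are skipped, mirroring the firewall drop fail2ban installs."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    bans: Dict[str, datetime] = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in bans and ts < bans[ip]:
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:  # expire old failures
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = ts + BANTIME
            window.clear()
    return bans


def is_banned(bans: Dict[str, datetime], ip: str, at: Union[datetime, str]) -> bool:
    """Ban check at a point in time; `at` may be a datetime or an ISO-8601 string."""
    when = datetime.fromisoformat(at) if isinstance(at, str) else at
    return ip in bans and when < bans[ip]


if __name__ == "__main__":
    for ip, until in replay(SAMPLE_AUTH_LOG).items():
        print(f"{ip} banned until {until.isoformat()}")
```

Note the second source in the sample: three failures spread over 41 minutes never fall inside one findtime window, so it is never banned. A slow brute force that stays under maxretry per window is exactly what a simple count-and-ban jail does not catch, which is why the failed-login counter on the dashboard is worth watching alongside the ban list.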

Detailed Security Test Results

  • SSL/TLS Security: 30/30, PASS. TLS 1.3, strong cipher suites, valid certificate
  • Security Headers: 35/35, PASS. HSTS with preload, X-Frame-Options, CSP, X-Content-Type-Options, X-XSS-Protection
  • Information Disclosure: 10/10, PASS. No sensitive information exposed in headers or responses
  • Common Vulnerabilities: 25/25, PASS. SQL injection, XSS, CSRF, clickjacking, directory traversal protection
  • API Security: 15/15, PASS. Authentication required, rate limiting, input validation
  • Cookie Security: 10/10, PASS. Secure, HttpOnly, SameSite attributes properly configured
  • DNS Security: 10/10, PASS. DNSSEC enabled (prevents DNS spoofing), CAA records configured (restricts certificate issuance)

Security Features Implemented

HTTPS/TLS 1.3 with strong cipher suites
HSTS with preload (max-age=31536000; the preload list additionally requires includeSubDomains)
X-Frame-Options: DENY (clickjacking protection)
X-Content-Type-Options: nosniff
Content-Security-Policy configured
X-XSS-Protection: 1; mode=block (legacy header, ignored by current browsers and retained only for older clients)
Secure and HttpOnly cookies
API authentication and rate limiting
DNSSEC enabled (DNS spoofing protection)
CAA records (certificate issuance control)
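A response-header audit covering the Security Headers, Cookie Security and Information Disclosure checks listed above, written here as an added example rather than BrainPredict's own audit tooling. The two HTTP response heads are constructed for the example, and the check names and thresholds are mine; the one-year max-age and includeSubDomains requirement come from the HSTS preload list's published criteria.

```python
import re
from typing import Dict, List

HSTS_PRELOAD_MIN_AGE = 31536000  # one year, the minimum the preload list accepts

# Constructed sample: a head that matches the feature list on this page.
GOOD_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'
X-XSS-Protection: 1; mode=block
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
Content-Type: text/html
"""

# Constructed sample: the same endpoint misconfigured in every checked respect.
WEAK_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3
Strict-Transport-Security: max-age=300
X-Frame-Options: ALLOWALL
Content-Security-Policy: default-src * 'unsafe-inline'
X-XSS-Protection: 1
Set-Cookie: session=abc123; Path=/
Content-Type: text/html
"""


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split a raw response head into {lowercased name: [values]}; Set-Cookie repeats."""
    headers: Dict[str, List[str]] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line terminates the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def csp_script_sources(csp: str) -> List[str]:
    """Effective script source list: script-src if present, else default-src."""
    directives: Dict[str, List[str]] = {}
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives.get("script-src") or directives.get("default-src") or []


def cookie_hardened(set_cookie: str) -> bool:
    """Secure + HttpOnly + SameSite=Lax|Strict, as the Cookie Security test requires."""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    samesite = [a.split("=", 1)[1] for a in attrs if a.startswith("samesite=")]
    return "secure" in attrs and "httponly" in attrs and bool(samesite) and samesite[0] in ("lax", "strict")


def audit_response(raw: str) -> Dict[str, bool]:
    """Run each check and return {check name: passed}."""
    h = parse_headers(raw)

    def first(name: str) -> str:
        return h.get(name, [""])[0]

    hsts = first("strict-transport-security").lower()
    age = re.search(r"max-age=(\d+)", hsts)
    srcs = csp_script_sources(first("content-security-policy"))
    cookies = h.get("set-cookie", [])
    return {
        "hsts_preload_ready": bool(age) and int(age.group(1)) >= HSTS_PRELOAD_MIN_AGE
        and "includesubdomains" in hsts and "preload" in hsts,
        "x_frame_options": first("x-frame-options").lower() in ("deny", "sameorigin"),
        "nosniff": first("x-content-type-options").lower() == "nosniff",
        # Scripts must not be loadable from anywhere; 'unsafe-inline' is tolerated
        # only when a nonce or hash source is present, which makes browsers ignore it.
        "csp_scripts_restricted": bool(srcs) and "*" not in srcs and (
            "'unsafe-inline'" not in srcs
            or any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in srcs)),
        # Absent or 0 is the modern recommendation; "1; mode=block" is the legacy value
        # this page uses. A bare "1" enables the old sanitising filter and fails here.
        "x_xss_protection_sane": first("x-xss-protection").lower().replace(" ", "") in ("", "0", "1;mode=block"),
        "cookies_hardened": bool(cookies) and all(cookie_hardened(c) for c in cookies),
        # Information disclosure: no X-Powered-By, no version string in Server.
        "no_version_disclosure": "x-powered-by" not in h and not re.search(r"\d+\.\d+", first("server")),
    }


if __name__ == "__main__":
    for label, raw in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, audit_response(raw))
```

In practice the raw head would come from a `curl -sI https://host/` capture or an HTTP client; feeding it to `audit_response` gives a per-check verdict that can be diffed against the previous run, which is how a "35/35" style score stays verifiable over time rather than being a one-off number.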

Audit Frequency: Continuous monitoring (every minute) + Full audits on-demand

Data Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • At Rest: All stored data is encrypted using AES-256 encryption
  • Database: Database encryption with automatic key rotation
  • Backups: All backups are encrypted and stored securely

Infrastructure Security

  • Hosted on Hetzner Online GmbH (Nuremberg, Germany) - ISO 27001:2022 certified, GDPR compliant
  • All data stored exclusively in German data centers (EU jurisdiction)
  • DDoS protection and WAF (Web Application Firewall)
  • Regular security patches and updates
  • Network isolation and segmentation
  • Intrusion detection and prevention systems
  • 24/7 security monitoring and alerting

Access Control

  • Multi-factor authentication (MFA) required for all accounts
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Secure password policies (minimum 12 characters, complexity requirements)

Compliance Standards

  • GDPR: Full compliance with EU data protection regulations
  • CCPA: California Consumer Privacy Act compliance
  • HIPAA: Healthcare data protection compliance
  • SOC 2 Type II: Compliant with security and availability standards
  • ISO 27001: Information security management standards compliance
  • FDA 21 CFR Part 11: Electronic records compliance for healthcare AI
  • EU AI Act: Compliance with EU artificial intelligence regulations
  • EU Data Act: 95% compliant with EU Data Act (Regulation 2023/2854) - data portability, interoperability, and switching provider rights

Security Testing

  • Regular penetration testing by third-party security firms
  • Automated vulnerability scanning
  • Code security reviews and static analysis
  • Bug bounty program for responsible disclosure
  • Annual security audits

Incident Response

We have a comprehensive incident response plan:

  • 24/7 security operations center (SOC)
  • Defined incident response procedures
  • Customer notification within 72 hours of any data breach
  • Regular incident response drills
  • Post-incident analysis and improvements

Data Backup & Recovery

  • Automated daily backups
  • Geo-redundant backup storage
  • Regular backup testing and restoration drills
  • 99.9% uptime SLA
  • Disaster recovery plan with RTO < 4 hours

Employee Security

  • Background checks for all employees
  • Regular security awareness training
  • Confidentiality and NDA agreements
  • Secure development lifecycle (SDLC) practices
  • Code review requirements

Advanced Cryptographic Capabilities — Live

BrainPredict ships the most advanced on-premise AI security stack available, including post-quantum cryptography, homomorphic encryption inference, and multi-party computation — all running fully inside your infrastructure.

● LIVE

SLM v2 — 13B On-Premise Language Model

13B parameter Small Language Model with 30+ language native support, 20 platform-specific LoRA adapters (rank 64), chain-of-thought reasoning, and 128K token context window. Runs fully on-premise at 6.5 GB VRAM (INT4-GPTQ). MoE Router v2 auto-escalates queries with intent confidence ≥ 0.72 from the 7B to the 13B tier. Differential privacy (ε = 4.0) on all fine-tuning gradients. API: POST /api/v1/slm-v2/infer

● LIVE

Advanced MPC — Multi-Party Computation for Consortium AI

Shamir's Secret Sharing over the prime field GF(2¹²⁷−1) (2¹²⁷−1 is a Mersenne prime): consortium members jointly train AI models without exposing raw data or individual gradients. Because Shamir shares add linearly, shares of each member's contribution combine into shares of the aggregate, so any t of the n parties can reconstruct the aggregate sum while t−1 colluders learn zero information about any single input (information-theoretically secure, with no dependence on a computational hardness assumption). Dropout-resilient, GDPR Art. 25 (data protection by design) compliant. 16 Intelligence Bus event types. API: POST /api/v1/mpc/session
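The linearity the consortium scheme above relies on, worked through in code: Shamir sharing over GF(2¹²⁷−1), share-wise addition turning every member's shares into shares of the sum, reconstruction from any t of n, and a round surviving aggregator dropout. This is added illustration code, not BrainPredict's MPC implementation; the secure-sum protocol shape, the dropout handling and the signed encoding of gradients are simplifying assumptions, and network transport between parties is omitted.

```python
import secrets
from typing import List, Sequence, Tuple

P = 2**127 - 1  # Mersenne prime; the field GF(2^127 - 1) named on the page
Share = Tuple[int, int]  # (x, f(x)): evaluation point and polynomial value


def split_secret(secret: int, t: int, n: int, rng=None) -> List[Share]:
    """Shamir (t, n) sharing: a random polynomial of degree t-1 with f(0) = secret,
    evaluated at x = 1..n. `rng` is injectable for reproducible tests; the default
    is the OS CSPRNG, which is what a real dealer must use."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n < P")
    rng = rng or secrets.SystemRandom()
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reconstruct(shares: Sequence[Share]) -> int:
    """Lagrange interpolation at x = 0 over GF(P). Any t distinct shares recover
    f(0); with fewer than t, every field element is an equally likely f(0)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def encode_signed(v: int) -> int:
    """Gradients are signed: map (-P/2, P/2] onto the field. Fixed-point scaling of
    float gradients to integers is assumed to have happened before this step."""
    if not -(P // 2) < v <= P // 2:
        raise ValueError("value out of range")
    return v % P


def decode_signed(f: int) -> int:
    return f - P if f > P // 2 else f


def add_shares(dealt: Sequence[Sequence[Share]]) -> List[Share]:
    """Aggregator j sums the j-th share it received from every member. Sharing is
    linear, so the result is a valid sharing of the sum of all inputs, and no
    aggregator ever holds enough to recover one member's value."""
    n = len(dealt[0])
    return [(dealt[0][j][0], sum(s[j][1] for s in dealt) % P) for j in range(n)]


def consortium_sum(gradients: Sequence[int], t: int, n: int,
                   dropped: Sequence[int] = (), rng=None) -> int:
    """One aggregation round: each member deals its gradient to n aggregators, the
    aggregators listed in `dropped` (1-based) go offline, and any t surviving
    aggregate shares reconstruct the total. Fewer than t survivors aborts the round."""
    dealt = [split_secret(encode_signed(g), t, n, rng) for g in gradients]
    gone = set(dropped)
    survivors = [s for s in add_shares(dealt) if s[0] not in gone]
    if len(survivors) < t:
        raise RuntimeError("fewer than t aggregators survived; round cannot complete")
    return decode_signed(reconstruct(survivors[:t]))


if __name__ == "__main__":
    print(consortium_sum([5, -3, 10], t=3, n=5, dropped=[2, 4]))  # 12
```

The threshold is the whole security argument: the check `len(survivors) < t` is what keeps dropout-resilience from quietly becoming a lower reconstruction bar, and the t−1 guarantee only holds if the dealer's coefficients come from a cryptographic RNG, which is why the injectable `rng` defaults to `secrets.SystemRandom`.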

● LIVE

Homomorphic Encryption — CKKS Inference

CKKS scheme (Cheon-Kim-Kim-Song 2017) enables BrainPredict to run AI predictions on encrypted inputs. Parameters: polynomial degree n = 8,192, 128-bit security, 40-bit precision, 5 multiplicative levels. Supports linear layers, batch normalisation and a polynomial ReLU (0.5x + 0.117x²); the polynomial stands in for max(0, x) because CKKS evaluates only additions and multiplications, and each layer's multiplications consume the level budget. The server never decrypts inputs; only the client holds the secret key. 15 Intelligence Bus event types. API: POST /api/v1/he/infer

● LIVE

Quantum-Safe PKI — CRYSTALS Full Suite (NIST FIPS 203/204)

CRYSTALS-Kyber-768 (key encapsulation, standardised as ML-KEM-768 in NIST FIPS 203) and CRYSTALS-Dilithium-3 (signatures, standardised as ML-DSA-65 in NIST FIPS 204). Replaces RSA/ECDSA across all inter-node TLS, Intelligence Bus message signing, and model registry attestation. Hybrid mode (ECDSA P-384 + Dilithium-3) carries both signatures for backwards-compatible migration, so peers that cannot yet verify ML-DSA still validate the ECDSA signature. Both schemes sit at NIST security category 3 (192-bit classical / 128-bit quantum security). 20 Intelligence Bus event types. API: POST /api/v1/pqc/cert/issue

Report a Security Issue

If you discover a security vulnerability, please report it responsibly:

BrainPredict OÜ

Registry Code: 17352111

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Jõe tn 3-314, 10151, Estonia

Phone: +372 6630414

Email: support@brainpredict.ai

PGP Key: Available upon request

Response Time: Within 24 hours