Security
Security and Data Handling
Practical information about how Solutyics treats code, credentials, client data, AI providers, and production access.
Principles
Client ownership and responsible handling come first.
Client ownership
Unless a written agreement says otherwise, client code, project deliverables, and business data belong to the client.
No training on client data
We do not use client confidential data to train public AI models. Any AI provider use should be agreed around the project's data sensitivity.
Credential care
Passwords, API keys, tokens, and production credentials should be shared only through secure agreed channels, never through public forms.
Access control
Project access should follow least-privilege principles and be removed when no longer required.
Deployment options
Work can be deployed to client-owned hosting, cloud accounts, or agreed managed environments depending on the engagement.
Honest limitations
We do not claim certifications we do not hold. Where formal compliance is required, it should be stated before work begins.
AI Provider Use
AI projects may use providers such as OpenAI, Anthropic, Gemini, open-source models, vector databases, or cloud services. Provider selection should consider privacy, retention, cost, latency, and deployment constraints.
Backups and Incidents
Backup, recovery, logging, and incident practices depend on the hosting and support agreement. Production systems should have explicit ownership for monitoring, alerts, and restore procedures.
Confidentiality
NDAs and project-specific confidentiality terms are available where required. Sensitive data handling should be discussed before access is granted.
Security questions can be sent to [email protected].