Client ownership
Unless a written agreement says otherwise, client code, project deliverables, and business data belong to the client.
Security
Practical information about how Solutyics treats code, credentials, client data, AI providers, and production access.
Working position
Security requirements change with the data, environment, provider, and support model. Those constraints should be explicit before the delivery approach is chosen.
Ask a security questionPrinciples
These are operating principles, not claims of formal certification or a substitute for project-specific controls.
Unless a written agreement says otherwise, client code, project deliverables, and business data belong to the client.
We do not use client confidential data to train public AI models. Any AI provider use should be agreed around the project's data sensitivity.
Passwords, API keys, tokens, and production credentials should be shared only through secure agreed channels, never through public forms.
Project access should follow least-privilege principles and be removed when no longer required.
Work can be deployed to client-owned hosting, cloud accounts, or agreed managed environments depending on the engagement.
We do not claim certifications we do not hold. Where formal compliance is required, it should be stated before work begins.
Engagement details
01
AI projects may use providers such as OpenAI, Anthropic, Gemini, open-source models, vector databases, or cloud services. Provider selection should consider privacy, retention, cost, latency, and deployment constraints.
02
Backup, recovery, logging, and incident practices depend on the hosting and support agreement. Production systems should have explicit ownership for monitoring, alerts, and restore procedures.
03
NDAs and project-specific confidentiality terms are available where required. Sensitive data handling should be discussed before access is granted.
Vulnerability reporting
Send a concise report with the affected URL, what you observed, reproducible steps, and the potential impact. Do not include credentials or unrelated personal data.
Email a security reportPlease do not access data that is not yours, disrupt services, degrade availability, or use social engineering while investigating an issue.
Please avoid publishing technical details before Solutyics has had a reasonable opportunity to confirm the issue and prepare a correction.
The machine-readable disclosure contact is published at /.well-known/security.txt.
Project security questions can be sent to [email protected].
Discuss project handling