Information security is a top priority for TechWolf. We go the extra mile to protect your data because we know that you trust it to be safe with us. TechWolf holds an ISO27001 certification and a SOC 2 Type 1 attestation, and we are proud to provide state-of-the-art AI in a secure environment.
For general questions about our system, infrastructure, or information security, please reach us at infosec@techwolf.ai. For data protection and privacy inquiries, contact our DPO Office directly at dpo-office@techwolf.ai.
TechWolf is an ISO/IEC 27001:2022 certified organization. The ISO 27001
standard helps us manage the processes and procedures that guarantee the
security of our products and
services. You can find our public ISO27001 certificate here.
SOC 2 (Service Organization Control 2) is a framework for managing data security that requires companies to establish and follow strict information security policies and procedures. TechWolf has obtained this attestation after an independent third-party audit.
TechWolf provides a strictly isolated environment for each customer. That means
that your data is never combined with that of other customers, and any models
trained or optimized on your internal data will never be applied outside your
environment. All data is encrypted both at rest (AES-256) and in transit (SSL/TLS 1.2 or higher).
TechWolf’s data handling is based on privacy-first
principles, retaining only the information that is strictly necessary to
provide our features. For example, our system discards all unstructured
information and files immediately after processing. In addition, our system
puts you in full control of the contents of your environment: the lifecycle of
each Entity inside the Skill Engine is managed by your company
explicitly. That means that you have full autonomy over the creation, content,
and deletion of any item. This allows you to not only follow GDPR in data
handling but also your company’s policies.
Our systems run on Amazon Web Services (AWS), inside the same secure facilities
used by many of the other tools and services you use. The TechWolf systems are
hosted inside data centers located in Paris, France, and Frankfurt, Germany.
Amazon maintains a high level of security, including the following
certifications:
SOC 1 / ISAE 3402
SOC 2
SOC 3
FISMA, DIACAP, and FedRAMP
CSM Levels 1-5
PCI DSS Level 1
ISO 9001 / ISO 27001
The components of the Skill Engine are deployed on a virtual private cloud, in
which internal components are fully shielded from outside access per the
principle of least privilege. Each customer environment is accessible only
through a dedicated domain, controlled by a secure gateway into the VPC. If
desired, security measures such as IP whitelisting can be applied to your
customer-specific domain to further shield access from the outside world.
TechWolf periodically undergoes black box penetration testing, conducted yearly
by an independent third party. In addition, we work together with our customers
to set up an additional pentest in case this is preferred. A high-level
overview of the outcomes of previous pentests is available to our customers
upon request.
The Skill Engine API is available through HTTPS only. Authentication and
authorization are provided through the OAuth 2.0 protocol, which allows for
secure and scoped access to different functionalities offered by the product.
Authentication is provided by Auth0, which has
attained broad information security certification as well.
With our products being developed further every day, our focus is on delivering
quality. That means we have a strong emphasis on secure development procedures.
This includes a zero bug policy, prioritizing the resolution of any bug that
might be detected over all other work. Furthermore, we leverage broad unit,
integration, and end-to-end test suites, ensuring that all functionality is
tested thoroughly on every code change.
TechWolf leverages an agile development process, in which quality control is a
crucial factor. Whenever a change is made to our codebase, the responsible
developer creates a merge request (MR) and opens it for reviews. This action
triggers a collection of automated quality checks, including vulnerability
scans, regression tests, and linting checkers. If any of these fails, the MR is
immediately blocked to prevent a negative impact on the production system.
After these automated checks, each change is thoroughly reviewed by multiple
other team members, typically causing a fast iterative improvement to raise the
quality bar even further. Only after consensus is reached that the proposed
changes are up to standard can they be merged into the codebase.
Secure development goes beyond just shipping good quality code: it also means
monitoring existing functionality closely to detect any remaining areas for
improvement. Each production deployment has an active health checking system.
It sends out alerts to the responsible team member within minutes of
any degradation of service. In addition, a detailed error logging system is in
place to ensure that we can take immediate action if a bug arises.
TechWolf maintains an employee handbook for information security, which is part
of the onboarding process and revisited periodically during refresher sessions.
This handbook includes best-practice policies for passwords, device management,
information storage… These policies are a part of the broader internal
documentation for information security inside the company, parts of which are
available to our customers upon request. All authorizations, procedures, and
practices are proactively reviewed quarterly.