Data, Privacy, & Security
Your Knowledge, Your Control
At Delphi, you maintain full ownership of all content you upload to create your Digital Mind. Your intellectual property remains exclusively yours, and you retain complete control over how your data is used, shared, and accessed. Your training data is stored in its own private index and is not shared or used to train any external models.
Who can use your Digital Mind and leverage its capabilities is fully under your control. ****This ownership model ensures that your valuable knowledge remains under your control while still allowing you to scale your impact through our platform.
The simplicity of our ownership policy reflects our commitment: your content is yours, period.
Your Security, Our Priority
For up-to-date information about our compliance certifications, our security systems, and privacy practices, see our Terms of Use, Creator Terms of Service, and Privacy Policy.
At Delphi, we take security very seriously to protect customer data and ensure a safe, reliable experience. Our security approach includes multiple layers of protection. Below is a clear breakdown of the key security measures we use:
Data Protection Measures
Encryption at Rest (Stored Data Protection): All stored customer data is locked using AES-256 encryption, which is one of the strongest forms of digital security.
Encryption in Transit (Data Moving Protection): When data travels over the internet (e.g., when you log in or send a message), we encrypt it using TLS 1.2+.
Daily Backups: We save copies of our data every night, so if anything goes wrong, we can restore lost information.
Network Security: Preventing Hackers from Getting In
Firewalls and Access Control Lists: These are security barriers that filter internet traffic, blocking anything suspicious, similar to a security checkpoint at an airport.
Private Subnet (Data Isolation): Customer data is processed in a private, separate section of our cloud environment that cannot be accessed by the public internet.
DDoS Protection (Defending Against Attacks): We use Cloudflare and AWS Shield to protect against attacks where hackers try to flood our system with excessive traffic.
Web Application Firewall (WAF): This system monitors and blocks harmful internet traffic, preventing threats before they reach our platform.
Continuous Monitoring and Compliance
Automated Security Monitoring: We use tools like Sentry.io, Axiom, and Logfire to continuously check our system’s health. If anything unusual happens, an alert is sent to our security team immediately.
Audit Logs (Tracking Who Does What): Every action in our system is recorded using AWS CloudTrail, ensuring a clear record of who accessed what, when, and why.
Application Security: Protecting Our Software from Hackers
Penetration Testing (Hiring Ethical Hackers): Every year, we hire expert security testers to try and break into our system. If they find any weak points, we fix them immediately.
Vulnerability Scanning: We use tools like Snyk and AWS GuardDuty to scan for weaknesses in our system and update any outdated security measures before they become a risk.
Secure Access and Identity Protection
Role-Based Access Control (RBAC): Employees and system users only get access to the data they need, nothing more. This is like a workplace where only finance employees can access payroll records, and IT staff can access servers.
Credential Management (Protecting Passwords and Secrets): We use AWS Key Management Service (KMS) and 1Password to securely store passwords and secret access keys, ensuring they’re encrypted and only accessible to authorized people.
Incident Response: How We Handle Security Threats
Incident Response Plan: If something goes wrong, we follow a structured process to detect, analyze, and respond to the issue immediately.
Root Cause Analysis (Fixing the Problem for Good): After any security event, we investigate what caused it and take steps to prevent it from happening again.
For any questions related to privacy or security, please reach out to [email protected]
Last updated