Security

Last Updated: February 28, 2026

Rabdos AI Inc. develops proprietary AI evaluation datasets for leading AI research institutions. Because our work involves sensitive customer data and confidential evaluation methodologies, security is a foundational operational priority. This page summarizes our security posture for customers and prospective partners.

Our full Information Security Policy is available to customers and prospective partners under NDA upon request.

Access Control

  • Multi-factor authentication (MFA) is mandatory for all personnel on all company systems
  • System administrators are required to use hardware security keys (YubiKey or equivalent); SMS-based 2FA is prohibited for all personnel
  • Access to systems and data is granted on a need-to-know basis by job function; administrative privileges are restricted to authorized system administrators, with Co-CEO oversight and approval for all access grants
  • All access grants and changes require documented approval by a Co-CEO
  • Access is revoked within 24 hours of personnel offboarding

Data Protection

  • All confidential data is stored on company-approved platforms; storage on personal devices or unapproved services is prohibited
  • All approved platforms support encryption in transit; encryption at rest is required where available
  • Customer deliverables and confidential data are logically isolated from internal pipeline infrastructure
  • Customer data is never input into AI systems or tools outside those expressly authorized by the applicable customer agreement
  • Systems and platforms are kept current with security patches; critical vulnerabilities are addressed promptly
  • Access and security events are logged where supported by platform capabilities; logs are retained in accordance with platform and legal requirements

Personnel Security

  • All employees undergo identity verification and right-to-work checks prior to access being granted
  • Full-time employees undergo criminal background checks (federal and state, where permissible under applicable law)
  • Contractors with access to customer data or systems undergo criminal and sanctions screening (including U.S. government restricted party lists: OFAC SDN, BIS Entity List)
  • Screening results are reviewed by a Co-CEO before access is granted; periodic re-screening applies to personnel with elevated access
  • Personnel receive security awareness training upon onboarding and at least annually thereafter

Third-Party and Subcontractor Risk

  • Key vendors are evaluated for security posture prior to engagement and are bound by appropriate contractual data protection obligations
  • Any subcontractors or contractors with access to customer data require prior customer approval (where required by contract) and are subject to equivalent security and confidentiality obligations

Vulnerability Management and Security Reviews

  • We conduct regular internal security reviews of our systems, access controls, and data handling practices
  • We plan to engage third-party assessors for formal penetration testing and vulnerability scanning as we scale our operations
  • Identified vulnerabilities are triaged and remediated in accordance with severity

Incident Response

We maintain a formal incident response process. Suspected or confirmed security incidents are immediately escalated to both Co-CEOs, who assess and coordinate response actions including system isolation, credential rotation, forensic review, and notification as appropriate.

  • Affected customers are notified within timelines required by law or contract; for material incidents, we target notification within 48 hours of confirmed impact where applicable
  • Incidents reportable under applicable law (including data breach notification statutes) are disclosed in accordance with those requirements

Insurance

Rabdos AI Inc. maintains the following insurance coverage with carriers rated A- or better:

  • Cyber liability and errors & omissions (E&O) insurance, with coverage limits appropriate to our operations and contractual requirements
  • General liability insurance
  • Directors & officers (D&O) insurance
  • Workers' compensation insurance

Certificates of insurance are available upon request. We can name customers as additional insureds where required by contract — please contact us to arrange.

Compliance

  • Rabdos AI Inc. is a Delaware C-Corporation registered to do business in Pennsylvania
  • All personnel are verified for U.S. work authorization (I-9 compliance and E-Verify)
  • Personnel are screened against applicable U.S. government restricted party and sanctions lists
  • Data handling practices comply with the terms of applicable customer agreements
  • We implement reasonable security procedures appropriate to the nature of the information we handle, in accordance with applicable law including California Civil Code §1798.81.5
  • See our Privacy Policy for details on personal data handling

Contact

Security inquiries, vulnerability reports, and requests for our full Information Security Policy or certificates of insurance may be directed to: security@rabdos.ai