Security Policy

Last updated: June 9, 2026

1. Overview

ControlShift AI ("ControlShift AI," "we," "our," or "us") is committed to protecting the confidentiality, integrity, and availability of customer data and our platform. This Security Policy describes the administrative, technical, and physical safeguards we use to secure the ControlShift AI application and related services.

2. Security Governance

  • Defined roles and responsibilities for security management
  • Regular risk assessments and control reviews
  • Security awareness practices for personnel with data access
  • Incident response procedures for suspected security events

3. Infrastructure Security

  • Cloud infrastructure hosted with reputable providers using hardened configurations
  • Network segmentation and firewall controls where applicable
  • Monitoring for anomalous activity and service availability
  • Regular patching and vulnerability management processes
  • Encrypted backups and disaster recovery planning

4. Application Security

  • Secure development practices and code review processes
  • Authentication and access controls for customer accounts
  • Protection against common web application vulnerabilities
  • Rate limiting and abuse detection on public endpoints
  • Logging and audit trails for critical platform actions

5. Data Protection

  • Encryption in transit using TLS for data transmitted over public networks
  • Encryption at rest for sensitive stored data where supported
  • Role-based access controls limiting internal access to customer data
  • Data retention and deletion aligned with our Privacy Policy and customer instructions

6. Third-Party and Vendor Security

We evaluate subprocessors and integration partners for security practices before engagement. Our current subprocessors are listed on the Subprocessor List. Vendor access is limited to what is necessary to provide the Service.

7. Compliance Frameworks

ControlShift AI aligns its security program with industry standards and customer compliance requirements, including controls relevant to HIPAA, SOC 2, and PCI obligations where applicable to specific deployments and configurations.

8. Customer Responsibilities

Customers share responsibility for security by:

  • Using strong, unique passwords and enabling available security features
  • Limiting account access to authorized personnel
  • Reviewing integration permissions for connected third-party services
  • Reporting suspected security incidents promptly
  • Following our Acceptable Use Policy

9. Security Incident Notification

If we become aware of a security incident affecting customer Personal Data, we will notify affected customers without undue delay in accordance with our contractual obligations and applicable law. Report security concerns to support@controlshiftai.com.

10. Contact Us