# Security & Privacy

Duvo is an AI-native automation platform that automates complex processes across UIs and APIs. The platform is designed so that automation reduces risk: assignments operate within strict access boundaries, every action is auditable, and our use of AI vendors is governed by clear contractual and technical controls.

***

### 1. Security Governance & Control Framework

#### Control framework

* Duvo is SOC 2 Type II certified
* Controls aligned with SOC 2 Trust Services Criteria (Security, Availability, Confidentiality)
* Duvo maintains strict controls around data security, availability, and confidentiality

#### Risk & oversight

* Security and risk reviewed at executive level on a regular cadence.
* Annual formal risk assessment with documented treatment plans and remediation tracking.

#### Policies & compliance

* Core policies (Information Security, Access Control, Vendor Risk, Data Protection & Privacy, Incident Response, Acceptable Use) reviewed at least annually.
* All Duvo employees complete mandatory security and privacy awareness programs at onboarding and annually thereafter.

***

### 2. Infrastructure & Platform Security

#### Hosting & network

* Hosted on leading cloud providers with hardened configurations and network segmentation.
* Full disclosure of subprocessors available upon request.

#### Identity, access & MFA

* All access to production systems is authenticated, role-based, and enforced with MFA and least privilege.

#### Encryption & key management

* **In transit:** TLS 1.2+ for all external and internal service communications.
* **At rest:** Industry-standard encryption (e.g., AES-256) for databases, storage, and backups.
* Keys managed via cloud-native KMS, with access controls and rotation policies.

#### Endpoint & device security

* Company endpoints use full-disk encryption

#### Monitoring, availability & incident response

* Centralized logging and monitoring of infrastructure, application health, and security-relevant events.
* Redundant, multi-AZ architecture designed to minimize downtime.
* Documented incident response plan, on-call rotation, and post-incident review process.

#### Vulnerability management

* Regular automated scanning of infrastructure and applications.
* Patch management and remediation timelines driven by risk severity.

***

### 3. Application, Assignment & Browser Security

#### Authentication, SSO & RBAC

* Unique accounts for all users
* Fine-grained **RBAC** across:
  * Human roles (admins, managers, users).
  * **Assignments** themselves (which systems, environments, and actions an assignment can perform).
  * Assignments can only access systems that are within the security scope of the users who use those assignments to perform processes.

#### Tenant isolation

* Logical segregation of customers at the application and data layers.
* Cross-tenant access is technically prevented; multi-tenant components enforce tenant scoping in all queries.

#### Secure SDLC & environments

* All production changes are peer-reviewed and tracked in version control.
* Automated and manual testing (including regression and security checks) before deployment.
* Strict separation of dev / staging / production; production data is not used in lower environments.

#### Automation & Duvo "Enterprise Browser"

* UI automation runs in **ephemeral remote browser sandboxes**, not on end-user devices.
* Browsing sessions are isolated per task; local storage is not shared between customers.
* Logins for target systems (e.g., internal portals) are stored in hardened secret stores and scoped to specific assignments/workflows.

#### Human-in-the-loop & approvals

* Assignments can be configured to request explicit human approval for high-risk actions (e.g., changes in internal systems, sending external emails).
* All approvals, rejections, and resulting actions are fully logged.

#### Auditability

* Comprehensive audit trails for assignment jobs, configuration changes, access changes, and approvals.

***

### 4. Data Protection & Privacy

#### Data classification & lifecycle

* Retention and deletion policies for logs, configuration, and content aligned with contractual and regulatory obligations.

#### Access to customer data

* Role-based, need-to-know access to production data; approvals and access are time-bound wherever possible.
* All privileged access is logged and regularly reviewed (at least quarterly access reviews).

#### Privacy & regulatory alignment

* Program aligned with **GDPR** principles, with support for data subject rights (access, deletion, rectification) through defined processes.
* Public Privacy Policy, DPAs, and list of sub-processors available on request.

#### Deletion & anonymization

* Capabilities to delete or render data unusable on request, including end-user content and workspace data, subject to legal and backup constraints.

***

### 5. Use of AI / LLM Providers (Anthropic ZDR & Others)

#### Anthropic as primary AI provider

* Duvo integrates Anthropic's Claude models as a core reasoning engine under **enterprise commercial terms**.

#### Zero Data Retention (ZDR)

* All Anthropic API calls from Duvo are made in **Zero Data Retention** mode:
  * Prompts and outputs are **not used for model training**.
  * Prompts and outputs are not retained by Anthropic beyond transient processing.
* Duvo does not use Anthropic's consumer interfaces (e.g., free/pro web UI) for customer workloads.

#### Data minimization & protection with LLMs

* Only the minimal context required to perform a task is sent to the model.

#### Other model providers / BYO endpoints

* Support for other enterprise LLM APIs and customer-hosted model endpoints.
* You can constrain the platform to specific providers, regions, or endpoints that satisfy your data residency and compliance requirements.

#### Vendor risk management

* Critical sub-processors (LLM providers, cloud, browser sandboxing, observability) undergo security and privacy review.
* DPAs and data-handling terms are in place, with clear limits on data use and confidentiality obligations.
