Areebi is built for organizations where AI security is non-negotiable. Every layer of our platform is designed to protect sensitive data, maintain compliance, and give you full visibility into every AI interaction across your enterprise.
Areebi deploys inside your infrastructure as a single golden image, meaning your data never leaves your environment. Our security practices meet the standards of Fortune 500 companies.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed through customer-controlled key management systems, ensuring that only your organization can decrypt sensitive data.
Every request is authenticated, authorized, and encrypted regardless of origin. Areebi enforces least-privilege access, micro-segmentation, and continuous verification across all platform components.
We conduct annual third-party penetration testing and continuous automated vulnerability scanning. Critical findings are remediated within 24 hours, and all results are available to customers upon request.
Our vulnerability management program includes automated dependency scanning, container image scanning, and a responsible disclosure policy. We maintain a 48-hour SLA for critical vulnerability patches in our golden image.
Learn more about how our DLP engine and audit logging protect data in real time.
We are actively pursuing the certifications that matter most to regulated industries. Our compliance roadmap is driven by customer requirements and industry standards.
Expected Q3 2026
Roadmap 2026
Current
Expected Q4 2026
Roadmap 2027
Roadmap 2027
Dec 2026 Ready
Need compliance documentation for a specific framework? Explore our HIPAA, SOC 2, GDPR, EU AI Act, and Australian Privacy Act compliance pages.
Areebi's architecture ensures that sensitive data never leaves your infrastructure. We provide complete transparency into how data flows through the platform.
All conversation data, audit logs, and configuration data are stored within your own infrastructure. Areebi deploys as a self-contained Docker or Kubernetes deployment. No data is transmitted to Areebi servers. Your vector databases, document stores, and chat histories remain on your hardware.
Because Areebi deploys on your infrastructure, data residency is determined by your deployment location. Deploy in any AWS region, Azure region, GCP zone, or on-premises data center. This makes GDPR data residency, data sovereignty, and cross-border compliance straightforward to achieve.
Every prompt and response passes through Areebi's DLP engine before reaching any LLM provider. PII is masked in real time. Sensitive patterns are blocked according to your policy rules. Every interaction is recorded in the immutable audit log.
Areebi exists to make AI safer for enterprises. Our responsible AI practices ensure transparency, fairness, and accountability in every AI interaction your organization has.
Areebi provides complete visibility into which LLM models your teams are using, what data is being sent to each provider, and how responses are generated. Our audit logs capture model selection, token usage, and response metadata for every interaction.
Our policy engine allows you to define content guardrails that prevent biased, harmful, or off-topic outputs from reaching your users. Combined with audit logging, you can track patterns and identify potential bias issues across your AI usage over time.
We believe AI governance is a fundamental requirement, not a premium feature. Areebi is committed to building tools that give organizations control over AI without restricting innovation. We publish our responsible AI principles and update them as the landscape evolves.
Areebi ships as a single golden image that deploys on Docker, Kubernetes, or bare metal. Every component is designed for isolation, least-privilege access, and defense in depth.
Areebi deploys as a containerized application with isolated services for the proxy layer, policy engine, DLP scanner, audit system, and management interface. Each service runs with minimal permissions and communicates over encrypted internal channels. The golden image approach means every customer runs the same hardened, tested, and signed container images.
All platform components run within your private network. Outbound connections are limited to configured LLM provider endpoints and license validation. No telemetry, usage data, or conversation content is sent externally. Network policies enforce strict ingress and egress rules at the container level.
Areebi supports enterprise SSO via SAML 2.0 and OIDC, role-based access control with granular permissions, and multi-factor authentication. Administrative actions are logged separately with tamper-proof records. API access requires scoped tokens with configurable expiration.
Every golden image release includes a software bill of materials (SBOM), signed container images, and automated vulnerability scanning results. Dependencies are pinned, reviewed, and updated on a regular cadence. We maintain a dedicated security response process for supply chain incidents.
Our incident response program is designed to detect, contain, and resolve security events quickly while keeping customers informed at every step.
Our incident response follows a structured four-phase approach: detection and triage, containment and analysis, remediation and recovery, and post-incident review. All incidents are classified by severity with defined escalation procedures. Critical incidents trigger immediate mobilization of our security response team.
Affected customers are notified within 24 hours of a confirmed security incident involving their data. Initial notifications include the nature of the incident, affected systems, and immediate containment actions. Follow-up communications are sent within 72 hours with root cause analysis and remediation status.
To report a security vulnerability or incident, contact our security team at security@areebi.com. For general security inquiries, reach out to hello@areebi.com. We acknowledge all security reports within one business day.
Transparency matters. Below is a complete list of sub-processors that Areebi uses to deliver the platform. Because Areebi deploys on your infrastructure, most of these services handle only platform operations, not your AI conversation data.
Last updated: March 2026. We notify customers 30 days in advance of any sub-processor changes.
Areebi provides a comprehensive Data Processing Agreement that meets GDPR Article 28 requirements and covers all aspects of data processing within the platform.
Our standard DPA covers data processing scope, sub-processor obligations, data transfer mechanisms (including Standard Contractual Clauses), breach notification procedures, data retention and deletion, and audit rights. The DPA is pre-signed by Areebi and ready for immediate execution by your organization.
Need a custom DPA? Our legal team can accommodate organization-specific requirements. Review our privacy policy and GDPR compliance page for additional context.
Areebi commits to specific response and resolution timelines for security incidents, categorized by severity level. These SLAs are included in every enterprise agreement.
Critical severity includes data breaches, active exploitation, and platform-wide outages. Severity classification follows NIST incident severity guidelines.
Areebi undergoes annual penetration testing by independent third-party security firms. Testing covers our entire attack surface with defined remediation SLAs for all findings.
External network penetration testing covers all internet-facing components, API endpoints, authentication mechanisms, and TLS configurations. Tests simulate real-world attack scenarios from unauthenticated external threat actors.
Internal testing covers container escape scenarios, inter-service communication, privilege escalation, and application-layer vulnerabilities including OWASP Top 10 testing across all platform interfaces and APIs.
Infrastructure-level testing covers container image security, Kubernetes configuration review, secrets management, network segmentation validation, and supply chain security assessment of all golden image components.
Penetration testing reports and remediation evidence are available to customers under NDA. Contact us to request access.
Answers to the most frequently asked questions from enterprise vendor security assessments. For a comprehensive security review, request access to our full security documentation package.
Customer data - including AI prompts, responses, documents, and conversation history - is stored exclusively within the customer's own infrastructure. Areebi deploys as a self-contained golden image on Docker, Kubernetes, or bare metal within your data center or private cloud. No customer data is transmitted to Areebi servers. The only outbound connections are to customer-configured LLM provider endpoints and license validation. All governance processing, DLP inspection, and audit logging occur within your environment.
All data in transit is encrypted using TLS 1.3 with strong cipher suites (AES-256-GCM, ChaCha20-Poly1305). Data at rest is encrypted using AES-256, with encryption keys managed through the customer's own key management system (AWS KMS, Azure Key Vault, GCP Cloud KMS, or HashiCorp Vault). Areebi does not have access to customer encryption keys. Inter-service communication within the platform uses mutual TLS (mTLS) for authentication and encryption.
Areebi supports enterprise SSO via SAML 2.0 and OIDC, with integration for major identity providers (Okta, Azure AD, Google Workspace, Ping Identity). Role-based access control (RBAC) provides granular permissions across platform functions. Multi-factor authentication is enforced through your identity provider. API access requires scoped bearer tokens with configurable expiration. All administrative actions are logged in a separate, tamper-proof audit trail.
Yes. Areebi maintains a responsible vulnerability disclosure policy. Security researchers can report vulnerabilities to security@areebi.com with an acknowledgment SLA of one business day. Critical vulnerabilities are triaged immediately and remediated within 24 hours. We publish security advisories for vulnerabilities that affect customer deployments and provide patched golden image releases with documented CVE information and upgrade instructions.
Need to complete a full security questionnaire? Our team can assist with SIG, CAIQ, VSAQ, and custom vendor assessment formats. Contact us to request security documentation.
Access our policies, request compliance documentation, or initiate a data processing agreement. We believe in making security documentation readily available.
Ready to evaluate Areebi's security posture for your organization?