Security Overview

Privacy-First Architecture for Enterprise AI Assessment

PAICE is designed from the ground up with security, privacy, and compliance as core requirements—not afterthoughts. This page provides technical details for CISOs, security architects, and compliance teams evaluating PAICE for organizational use.

Security Posture Summary

✅ What We Do

  • No tracking or advertising cookies - Anonymous users: zero cookies. Authenticated users: one functional auth cookie only. No consent banner required.
  • Minimal data collection - Optional email only
  • Encryption in transit and at rest - TLS 1.3 in transit, AES-128 at rest
  • No conversation storage - Processed in real-time, then discarded
  • Hashed identifiers - Non-reversible user/session IDs
  • Rate limiting - Prevents abuse and DoS attacks
  • Input validation - Server-side schema enforcement
  • Automated security scanning - Dependency audits in CI/CD
  • TEE protection available - Optional hardware-isolated Confidential Mode

❌ What We Don't Do

  • Collect names, emails (unless voluntarily provided), or employee IDs
  • Store IP addresses or device fingerprints
  • Retain conversation content in production
  • Use tracking, advertising, or analytics cookies
  • Sell or share user data with third parties
  • Require system integrations or API access
  • Use data for AI model training
  • Implement surveillance or monitoring features

Privacy by Design

PAICE implements Privacy by Design principles at every layer of the architecture. Data minimization, purpose limitation, and user control are not compliance checkboxes—they're architectural requirements.

Anonymous by Default

No account creation required. No login credentials. No personal identifiers collected during assessment. User and session IDs are cryptographically hashed using SHA-256 with non-reversible salts.

Minimal Data Surface

PAICE stores only:

  • Hashed user ID (SHA-256, non-reversible)
  • Hashed session ID (SHA-256, non-reversible)
  • Assessment scores (numeric only)
  • Behavioral interaction signals (anonymized patterns)
  • Optional: Encrypted email (AES-128, user-provided)
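As an added illustration of the two points above (hashed identifiers and the minimal stored record), not code from PAICE, the following Python sketch salts and SHA-256-hashes a raw user or session ID and then builds a record that keeps only an allow-listed set of fields, so anything like an IP address or conversation text that arrives in the request payload is dropped before storage. The environment-variable name, the field names and the fallback salt are assumptions made for the example.

```python
import hashlib
import os

# Assumed environment variable; the fallback value is a constructed example only.
SERVER_SALT = os.environ.get("PAICE_ID_SALT", "constructed-example-salt").encode("utf-8")

# Only these fields ever reach the database (mirrors the "PAICE stores only" list).
ALLOWED_FIELDS = {"user_hash", "session_hash", "scores", "signals", "encrypted_email"}


def hash_identifier(raw_id: str, salt: bytes = SERVER_SALT) -> str:
    """Salted SHA-256 of a raw user/session identifier.

    The output is a fixed-length hex digest that cannot be reversed, and
    without the server-side salt it cannot be recomputed from a guessed ID.
    """
    digest = hashlib.sha256()
    digest.update(salt)
    digest.update(b"|")
    digest.update(raw_id.encode("utf-8"))
    return digest.hexdigest()


def minimize_record(payload: dict) -> dict:
    """Build the record to persist: hashed IDs, numeric scores, anonymized signals.

    Any other key in the payload (ip, user agent, raw conversation text, ...)
    never makes it into the returned dict.
    """
    record = {
        "user_hash": hash_identifier(payload["user_id"]),
        "session_hash": hash_identifier(payload["session_id"]),
        "scores": {name: float(value) for name, value in payload.get("scores", {}).items()},
        "signals": list(payload.get("signals", [])),
    }
    if payload.get("encrypted_email"):
        # Already-encrypted ciphertext supplied by the caller; stored opaque.
        record["encrypted_email"] = payload["encrypted_email"]
    # Final allow-list filter guards against a future field slipping in above.
    return {key: value for key, value in record.items() if key in ALLOWED_FIELDS}
```

A keyed construction such as HMAC-SHA256 would serve the same purpose and is the more conventional choice for a secret-salted identifier; plain salted SHA-256 is used here to match the page's description.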

Conversation Data Handling

Production: Conversation content is processed in real-time to generate scores, then immediately discarded. No conversation text is stored in production databases.

Development/Testing: Limited conversation logging for debugging purposes only, with automatic 30-day deletion.

GDPR Recital 26 Compliance

PAICE aligns with GDPR Recital 26 by ensuring that no data collected can be used to identify a natural person. Since no personal data is processed, most GDPR requirements do not apply. Where optional email is provided, full GDPR rights (access, deletion, portability) are supported.

Data Protection & Encryption

Data in Transit

  • TLS 1.3 for all client-server communication
  • HTTPS enforced in production (automatic redirect)
  • Certificate pinning for API endpoints
  • Secure headers (HSTS, CSP, X-Frame-Options)

Data at Rest

  • AES-128 encryption for optional email addresses
  • MongoDB encryption at rest (provider-managed)
  • Encrypted backups with separate key management
  • Secure key storage (environment variables, not in code)

Data Retention Policy

  • Conversation content: Deleted immediately after processing (production)
  • Assessment scores: Retained indefinitely for research (anonymized, GDPR Article 89)
  • Optional email: Retained until user requests deletion
  • Session data: Expires after 24 hours of inactivity
  • Logs: 30-day rolling retention for operational logs

Application Security Controls

Rate Limiting

Composite identifier rate limiting (API key + session ID + IP) prevents brute-force attacks and DoS attempts. Limits: 15 requests/minute for chat, 10/minute for assessment creation.
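To make the composite-key idea concrete, here is an added example (not PAICE's implementation) of a sliding-window limiter keyed on route plus API key, session ID and client IP, with the per-route limits quoted above. The class name, the injectable clock and the in-memory store are assumptions; a deployment behind several instances would keep the window in a shared store instead.

```python
import time
from collections import defaultdict, deque

# Requests allowed per 60-second sliding window, per composite key (from the page).
LIMITS = {"chat": 15, "assessment": 10}
WINDOW_SECONDS = 60


class CompositeRateLimiter:
    """Sliding-window limiter keyed on (route, api_key, session_id, client_ip).

    Keying on all three identifiers means an attacker cannot reset the count by
    rotating only a session ID or only a source address.
    """

    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limits = limits
        self.window = window
        self.clock = clock  # injectable for deterministic tests
        self._hits = defaultdict(deque)  # composite key -> timestamps within window

    def allow(self, route: str, api_key: str, session_id: str, client_ip: str) -> bool:
        now = self.clock()
        key = (route, api_key, session_id, client_ip)
        window = self._hits[key]
        # Drop timestamps that have aged out of the window.
        while window and now - window[0] >= self.window:
            window.popleft()
        if len(window) >= self.limits[route]:
            return False  # caller should answer 429 Too Many Requests
        window.append(now)
        return True
```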

Input Validation

Server-side schema validation using Pydantic models. All inputs sanitized and validated before processing. Protection against injection attacks, XSS, and malformed data.

CORS Policy

Strict CORS configuration with whitelisted origins. Production environment restricts cross-origin requests to paice.work domains only.

Error Handling

Sanitized error responses prevent information leakage. Stack traces and internal details never exposed to clients. Detailed logging for internal debugging only.
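The two controls above (schema validation and sanitized errors) fit naturally together, so here is one added example covering both. It is not PAICE's code and uses the standard library in place of the Pydantic models the page mentions; the field names, size limit and `handle_chat`/`score_message` functions are assumptions. Validation failures are answered with a short schema message, while any unexpected exception is logged in full with a random reference ID and the client sees only that ID.

```python
import logging
import re
import uuid

log = logging.getLogger("example.api")

MAX_MESSAGE_CHARS = 4000
SESSION_ID_RE = re.compile(r"^[0-9a-f]{64}$")  # hashed session IDs are hex digests
ALLOWED_FIELDS = {"session_id", "message"}


class ValidationError(ValueError):
    """Raised for input that fails the request schema."""


def validate_chat_request(body) -> dict:
    """Server-side schema check: types, allowed fields, format and length."""
    if not isinstance(body, dict):
        raise ValidationError("body must be a JSON object")
    unknown = set(body) - ALLOWED_FIELDS
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    session_id = body.get("session_id")
    if not isinstance(session_id, str) or not SESSION_ID_RE.match(session_id):
        raise ValidationError("session_id must be a 64-character hex string")
    message = body.get("message")
    if not isinstance(message, str) or not message.strip():
        raise ValidationError("message must be a non-empty string")
    if len(message) > MAX_MESSAGE_CHARS:
        raise ValidationError(f"message exceeds {MAX_MESSAGE_CHARS} characters")
    if "\x00" in message:
        raise ValidationError("message contains a NUL byte")
    return {"session_id": session_id, "message": message.strip()}


def score_message(req: dict) -> dict:
    """Stand-in for the real scoring step (assumed for the example)."""
    return {"accepted": True, "chars": len(req["message"])}


def handle_chat(body, process=score_message):
    """Return (status, json_body). Internal details never reach the client."""
    try:
        req = validate_chat_request(body)
    except ValidationError as exc:
        return 400, {"error": "invalid_request", "detail": str(exc)}
    try:
        return 200, process(req)
    except Exception:
        ref = uuid.uuid4().hex[:12]
        # Full traceback goes to internal logs only, tagged with the reference.
        log.exception("unhandled error ref=%s", ref)
        return 500, {"error": "internal_error", "ref": ref}
```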

Security Headers

Comprehensive security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy. Prevents clickjacking, XSS, and MIME-sniffing attacks.
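As an added check for the header set listed above (example code, not PAICE's), the function below audits a response's headers against a baseline and reports what is missing or weak: an HSTS max-age under one year, a CSP with no default-src or with unsafe-inline, a frameable page, a missing nosniff, or a referrer policy that leaks full URLs. The baseline values in `recommended_headers` are the example's own choices, not the exact policy PAICE serves.

```python
import re

ONE_YEAR = 31536000  # seconds; common minimum for HSTS preload eligibility
SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}


def recommended_headers() -> dict:
    """A conservative baseline for the five header families named on the page."""
    return {
        "Strict-Transport-Security": f"max-age={ONE_YEAR}; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'; object-src 'none'",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "strict-origin-when-cross-origin",
    }


def audit_security_headers(headers: dict) -> list:
    """Return a list of findings; an empty list means the baseline is met."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security: missing")
    else:
        match = re.search(r"max-age=(\d+)", hsts)
        age = int(match.group(1)) if match else 0
        if age < ONE_YEAR:
            findings.append(f"Strict-Transport-Security: max-age {age} is below one year ({ONE_YEAR})")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy: missing")
    else:
        if "default-src" not in csp:
            findings.append("Content-Security-Policy: no default-src fallback")
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            findings.append("Content-Security-Policy: allows unsafe-inline/unsafe-eval")

    # Clickjacking: either X-Frame-Options or CSP frame-ancestors must restrict framing.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in {"DENY", "SAMEORIGIN"} and "frame-ancestors" not in (csp or ""):
        findings.append("X-Frame-Options: missing or permissive and no CSP frame-ancestors")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: missing or not 'nosniff'")

    if h.get("referrer-policy", "").lower() not in SAFE_REFERRER:
        findings.append("Referrer-Policy: missing or leaks full URL cross-origin")

    return findings
```

Running the audit against a live response's headers in a CI smoke test turns the bullet list into a regression check rather than a one-time configuration.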

Bot Protection

Honeypot redirect system detects and redirects agentic browsers (Atlas, Comet) away from sensitive pages. Environment-aware, production-only enforcement.

Infrastructure & Operations

Hosting & Infrastructure

  • Cloud Provider: Secure, SOC 2 Type II certified infrastructure
  • Database: MongoDB Atlas with encryption at rest and in transit
  • Network Isolation: Private VPC with firewall rules
  • DDoS Protection: Cloud-native DDoS mitigation
  • Monitoring: 24/7 system health and anomaly detection

Dependency Management

  • Automated Scanning: GitHub Dependabot, npm audit, pip-audit
  • CI/CD Integration: Security checks in every build
  • Patch Management: Critical vulnerabilities patched within 48 hours
  • Version Pinning: Explicit dependency versions, no wildcards

Access Controls

  • Principle of Least Privilege: Minimal permissions for all services
  • API Key Authentication: Required for all backend endpoints
  • Environment Separation: Isolated dev, staging, production environments
  • Audit Logging: All administrative actions logged and monitored

Compliance & Standards Alignment

GDPR (EU)

  • ✅ Minimal data collection (data minimization)
  • ✅ Purpose limitation (assessment only)
  • ✅ Right to access (data export)
  • ✅ Right to erasure (deletion on request)
  • ✅ Data portability (CSV/JSON export)
  • ✅ Consent management (optional email)
  • ✅ Anonymous data processing (Recital 26)

CCPA (California)

  • ✅ Transparency (clear privacy policy)
  • ✅ No data selling (explicit commitment)
  • ✅ Do Not Track support
  • ✅ Data deletion available
  • ✅ No discrimination for opting out
  • ✅ Consumer rights disclosure

NIST AI RMF

  • ✅ GOVERN 1.1 - Legal requirements
  • ✅ MAP 1.1 - Context documentation
  • ✅ MANAGE 2.2 - Accountability
  • ✅ MANAGE 2.3 - Operator override
  • ✅ MANAGE 4.1 - Monitoring

ISO/IEC 42001

  • ✅ Control 5.2 - Risk assessment
  • ✅ Control 6.2 - Information security
  • ✅ Control 7.2 - Competence
  • ✅ Control 8.2 - Testing
  • ✅ Control 10.2 - Continual improvement

SOC 2 Alignment

PAICE architecture aligns with SOC 2 Trust Services Criteria:

  • Security: Access controls, encryption, monitoring
  • Availability: 99.9% uptime target, DDoS protection
  • Confidentiality: Data encryption, minimal collection
  • Privacy: GDPR/CCPA compliance, user rights

Note: Formal SOC 2 Type II audit planned for 2026.

Third-Party Services & Data Processors

PAICE uses a minimal set of third-party services, with different providers depending on operating mode:

Standard Mode (Default)

Anthropic Claude API

Purpose: Chat interactions, assessment evaluation

  • Conversations processed in real-time, not permanently stored by PAICE
  • Anthropic may retain data per their Commercial Terms
  • No PAICE data used for Anthropic model training

Google Gemini API

Purpose: Cascaded detection operations

  • Used only when Anthropic models unavailable
  • Data handled per Google AI Terms

OpenAI API

Purpose: Fallback for complex evaluations

  • Used only in evaluation cascade when primary models unavailable
  • Data handled per OpenAI Terms

🔒 Confidential Mode (TEE-Protected)

NEAR AI Cloud

Purpose: All AI operations in TEE environment

  • Hardware-isolated Trusted Execution Environment
  • Cryptographic attestation verifies secure processing
  • Provider cannot access conversation content
  • Models may include GPT-OSS, GLM, DeepSeek, Qwen3
  • NEAR AI Documentation

Shared Infrastructure (Both Modes)

MongoDB Atlas

Purpose: Database for anonymized scores and session data

  • SOC 2 Type II certified infrastructure
  • Encryption at rest and in transit
  • Network isolation and access controls
  • Automated backups with encryption

PostHog (Optional Analytics)

Purpose: Usage analytics for service improvement

  • Configured to use localStorage instead of cookies
  • Respects "Do Not Track" browser setting
  • No personal data sent to PostHog
  • Can be disabled by user preference

No Advertising or Marketing Trackers

PAICE does not use Google Analytics, Facebook Pixel, or any other advertising/marketing platforms. No user data is shared with advertisers or data brokers.

Confidential Mode (TEE Protection)

For users handling highly sensitive information, PAICE offers an optional Confidential Mode that routes all AI operations through Trusted Execution Environments (TEE)—hardware-isolated enclaves that provide additional protection beyond standard encryption.

How TEE Protection Works

  • Hardware isolation: Data processed in CPU-level secure enclaves
  • Memory encryption: Data encrypted even while being processed
  • Cryptographic attestation: Verifiable proof of secure execution
  • Provider-blind: Cloud operator cannot access your data

When to Use Confidential Mode

  • Discussing proprietary business strategies
  • Sensitive personnel or HR matters
  • Regulated industry compliance requirements
  • Maximum privacy preference regardless of content

Enabling Confidential Mode

Activate Confidential Mode by adding the URL parameter ?s=confidential to your assessment URL (e.g., paice.work/individual?s=confidential).

When active, you'll see a verification badge confirming TEE protection with cryptographic attestation.

Incident Response & Monitoring

Detection & Monitoring

  • Real-time system health monitoring
  • Automated anomaly detection
  • Security event logging and alerting
  • Performance metrics tracking
  • Uptime monitoring (99.9% target)

Response Procedures

  • Documented incident response plan
  • 24-hour response time for critical issues
  • Automated rollback capabilities
  • Post-incident analysis and reporting
  • Continuous improvement process

Security Incident Reporting

If you discover a security vulnerability or incident, please report it immediately:

  • Email:
  • Response Time: Within 24 hours for critical issues
  • Responsible Disclosure: We appreciate coordinated disclosure and will work with researchers to address issues promptly

Security Standards & Best Practices

PAICE implements industry-standard security practices and emerging standards for responsible AI governance:

RFC 9116: security.txt

PAICE implements the security.txt standard (RFC 9116) for coordinated vulnerability disclosure:

This standardized file makes it easy for security researchers to report vulnerabilities responsibly.

AI Agent Policy (ai.txt)

PAICE implements an emerging standard for AI agent interaction policies:

  • Location: https://paice.work/.well-known/ai.txt
  • Purpose: Defines how AI systems should interact with PAICE content
  • Covers: Crawling rules, training data usage, API access, prohibited activities
  • Attribution: Required for training data and content summarization

This policy protects proprietary methodology while enabling responsible AI agent access to public content.

LLM Context File (llm.txt)

Comprehensive context file for Large Language Models and AI agents:

  • Location: https://paice.work/llm.txt
  • Purpose: Provides accurate context about PAICE for AI systems
  • Includes: Navigation map, methodology overview, citation guidelines
  • Benefits: Ensures AI systems reference PAICE accurately

Structured Data & Schema.org

PAICE implements comprehensive structured data for better discoverability and understanding:

  • Organization schema: Company information and contact points
  • WebSite schema: Site metadata and navigation
  • BlogPosting schema: Rich blog post metadata
  • Course schema: Assessment as educational content
  • ContactPage schema: Enhanced contact information

These schemas improve SEO, enable rich snippets, and help AI systems understand PAICE content.

Transparency Files

Additional transparency and documentation files:

Why These Standards Matter

Implementing these standards demonstrates PAICE's commitment to:

  • Transparency: Clear communication about security and data practices
  • Responsible AI: Ethical guidelines for AI agent interaction
  • Security Maturity: Industry-standard vulnerability disclosure
  • Discoverability: Structured data for better understanding
  • Governance: Documented policies and procedures

Vendor Assessment & Documentation

For organizations conducting vendor security assessments, PAICE can provide:

Available Documentation

  • ✓ Security architecture overview
  • ✓ Data flow diagrams
  • ✓ Privacy policy and terms of service
  • ✓ Compliance alignment documentation
  • ✓ Third-party service inventory
  • ✓ Incident response procedures

Assessment Support

  • ✓ Security questionnaire responses
  • ✓ Technical architecture reviews
  • ✓ Compliance attestations
  • ✓ Data processing agreements
  • ✓ Penetration test coordination
  • ✓ Custom documentation as needed

For vendor assessment requests: Contact with your specific requirements. We typically respond within 2-3 business days.

Baseline Program Security Considerations

Organizations participating in the PAICE AI Capability Baseline program receive additional security benefits:

Dedicated Support

Direct access to security team for questions, concerns, and custom requirements.

Custom Data Handling

Ability to negotiate specific data retention, deletion, and processing requirements.

Enhanced Reporting

Detailed security and compliance reports tailored to your organization's needs.

Integration Guidance

Technical support for secure integration with your existing systems and workflows.

Interested in a team baseline? Learn more about enterprise-grade security features and custom deployment options on our .

Security Questions?

Our security team is here to help. Whether you're conducting a vendor assessment, have questions about our architecture, or need custom documentation, we're ready to assist.

Security Team:

General Inquiries:

Additional Resources

Last updated: February 19, 2026