Security

Security

Last Updated: January 6, 2025

At Okal, an initiative of Raidu, security is fundamental to everything we do. We employ industry-leading security measures to protect your voice data and ensure the reliability of our AI services.

Security Architecture

Infrastructure Security

• Multi-Region Deployment: Services distributed across multiple geographic regions
• DDoS Protection: Advanced mitigation against distributed attacks
• Web Application Firewall: Protection against OWASP Top 10 vulnerabilities
• Container Security: Isolated execution environments with security scanning
• Network Segmentation: Strict network isolation and access controls

Data Encryption

• In Transit: TLS 1.3 for all API communications
• At Rest: AES-256-GCM encryption for stored data
• Key Management: Hardware Security Modules (HSMs) for key storage
• Voice Encryption: End-to-end encryption for voice streams
• Zero-Knowledge Architecture: We cannot access your encrypted content

Compliance & Certifications

Current Certifications

• SOC 2 Type II: Audited for security, availability, and confidentiality
• ISO 27001:2022: Information Security Management System certified
• ISO 27701:2019: Privacy Information Management certified
• HIPAA Compliant: For healthcare industry requirements
• PCI DSS Level 1: Payment card data security

Regulatory Compliance

• GDPR: General Data Protection Regulation (EU)
• CCPA: California Consumer Privacy Act
• DPDP Act: Digital Personal Data Protection Act (India)
• PIPEDA: Personal Information Protection (Canada)
• LGPD: Lei Geral de Proteção de Dados (Brazil)

Security Features

Authentication & Access Control

• Multi-Factor Authentication (MFA): Required for all accounts
• Single Sign-On (SSO): SAML 2.0 and OAuth 2.0 support
• Role-Based Access Control (RBAC): Granular permission management
• API Key Rotation: Automated key lifecycle management
• Session Management: Secure session handling with timeout controls

Voice Data Security

• Voice Fingerprinting: Biometric authentication options
• Consent Management: Automated consent tracking
• Data Anonymization: PII removal from training data
• Secure Processing: Isolated processing environments
• Retention Controls: Automated data lifecycle management

Monitoring & Detection

• 24/7 Security Operations Center: Round-the-clock monitoring
• Intrusion Detection System: Real-time threat detection
• Anomaly Detection: AI-powered behavioral analysis
• Security Information and Event Management (SIEM): Centralized logging
• Vulnerability Scanning: Continuous security assessment

Security Practices

Development Security

• Secure SDLC: Security integrated into development lifecycle
• Code Reviews: Mandatory peer review for all changes
• Static Analysis: Automated security scanning
• Dependency Management: Regular updates and vulnerability patching
• Container Scanning: Image vulnerability assessment

Incident Response

• Response Team: Dedicated security incident response team
• Response Time: < 1 hour for critical incidents
• Communication: Transparent incident communication
• Post-Mortem: Detailed analysis and improvement plans
• Breach Notification: Within 72 hours as per regulations

Business Continuity

• Disaster Recovery: RPO < 1 hour, RTO < 4 hours
• Data Backups: Automated, encrypted, geo-redundant backups
• Failover Systems: Automatic failover to standby systems
• Regular Testing: Quarterly DR drills and testing
• Pandemic Planning: Remote operations capability

Security Audits

Internal Audits

• Quarterly security assessments
• Monthly vulnerability scans
• Weekly configuration reviews
• Daily security monitoring

External Audits

• Annual penetration testing by certified firms
• Bi-annual SOC 2 audits
• Annual ISO certification reviews
• Customer-initiated security assessments (Enterprise plans)

Data Residency

Regional Options

• United States: us-east-1, us-west-2
• European Union: eu-central-1, eu-west-1
• Asia-Pacific: ap-south-1 (Mumbai), ap-southeast-1
• Custom Deployment: Private cloud options available

Data Sovereignty

• Data remains in selected region
• No cross-border transfers without consent
• Compliance with local data protection laws
• Transparent data location reporting

Security Best Practices for Users

Account Security

1. Enable Multi-Factor Authentication
2. Use strong, unique passwords
3. Regularly review access logs
4. Rotate API keys periodically
5. Monitor account activity

Integration Security

1. Use encrypted connections only
2. Implement proper error handling
3. Validate all inputs
4. Follow principle of least privilege
5. Keep SDKs and libraries updated

Voice Data Handling

1. Obtain explicit consent for recording
2. Inform users about AI processing
3. Implement data retention policies
4. Use secure transmission protocols
5. Regular security training for staff

Vulnerability Disclosure

Responsible Disclosure Program

We encourage security researchers to report vulnerabilities responsibly.

Report Security Issues:
Email: security@okal.ai
PGP Key: Available on our website

Rewards Program

• Critical vulnerabilities: Up to $10,000
• High severity: Up to $5,000
• Medium severity: Up to $1,000
• Acknowledgment in Security Hall of Fame

Security Updates

Stay informed about security updates:

• Security Blog: security.okal.ai
• Status Page: status.okal.ai
• Security Advisories: Via email and dashboard
• RSS Feed: security.okal.ai/feed

Contact Security Team

For security-related inquiries:

Security Team
Email: security@okal.ai
Emergency: security-urgent@okal.ai

Chief Security Officer
Email: cso@raidu.in

Bug Bounty Program
Email: bugbounty@okal.ai

Trust Center

Visit our Trust Center for:

• Real-time system status
• Security documentation
• Compliance certificates
• Audit reports (upon request)
• Security whitepapers

Trust Center: trust.okal.ai

© 2025 Okal, an initiative of Raidu. All rights reserved.
Security is our commitment, not just a feature.