Security & Trust
Security at Fluid Topics is embedded across the company, playing an integral part in how we develop our software.
Our processes are designed to cover all security aspects within the company from software development to SaaS operations and corporate information technology security. Fluid Topics incorporates leading security technologies and modern open standards to provide users with the confidence that their data and analyses are secure.
Security
Secure Software Development
Security is at the heart of everything we do. Our goal is always to provide customers with secure products and services. Our security team works hand in hand with the development teams to ensure our solutions are defended from internal and external security threats. Each team has one or several security referents, who are part of a Security Guild. We employ third-party security tooling to continuously scan our software, workstations, and servers against common security risks.
Separation of Environments
Testing and staging environments are separated from the production environment. No production data is used in our development or test environments.
Data Isolation
Fluid Topics is a multi-tenant web application. Customer databases are separated from each other. Customer file storage and other systems that handle data are secured by application logic that ensures that only the relevant customer is granted access.
Maintenance
We will notify customers in advance of any major changes that will cause service downtime. Our team will frequently update the system with upgrades, bug fixes, and patches, with no downtime or customer impact. In the rare event that a customer might be affected, they will be notified by email and/or our helpdesk tool.
ISO 27001 Certification
Antidot has achieved ISO 27001:2022 certification for Fluid Topics, demonstrating the company’s commitment to the highest level of internal compliance and security. Being ISO 27001 certified guarantees that we have achieved the highest security level and is a testament to the fact that we prioritize data security for our clients, investors, partners, and employees.
- All data is rigorously protected
- Risks and vulnerabilities are assessed, minimized, and eliminated
- Our software product and infrastructure are robust and secure
- We have an internal culture of security, so all employees prioritize information security by design
- We demonstrate operational excellence when it comes to our IT, R&D, HR, and information processes
You can view our certificate here.
Threat Intelligence
At Fluid Topics, we prioritize cybersecurity through a comprehensive Threat Intelligence approach, which involves continuous threat monitoring, rigorous data analysis, and proactive defense strategies. By analyzing emerging risks and adversarial tactics, our team anticipates potential attacks and implements robust measures to protect our infrastructure and client data. Additionally, we collaborate with leading threat intelligence providers and global cybersecurity communities to enhance our security practices, ensuring that we effectively mitigate risks and uphold the integrity of our services.
Data Residency
We operate data centers in the United States, Europe, and Asia. We work closely with our customers to meet any specific needs. For example, if requested, customer data can reside solely in one location (e.g., US only).
Our Commitment to Data Privacy
At Fluid Topics, we recognize that the protection of personal data and privacy is crucial for building trust with our clients and their users. We are dedicated to implementing robust data privacy practices that ensure the confidentiality, integrity, and availability of all personal information we handle. We actively monitor and comply with relevant data privacy regulations and standards, including GDPR, CCPA, and other applicable laws, to ensure that our practices are aligned with best practices in data protection.
Network Security
We have configured networks with a security architecture that consists of multiple security zones. Databases, application servers, source code, and CI/CD tooling are protected in our most trusted zones. Depending on the zone, additional security monitoring and access controls are applied.
Penetration Tests
Penetration tests are performed regularly by an independent third party. Any issue reported after these pentests is immediately assessed. If a fix is required, it is handled with the highest priority possible.
Intrusion Detection and Prevention
We use intrusion detection and prevention measures to detect malicious behaviors. This includes alerting administrators of malicious activity and policy violations, as well as identifying and taking action against attacks.
Incident Detection and Response
Security events and incidents are managed by a dedicated team. Responses to security issues are led by an Incident Response Coordinator. Incident response plans are tested regularly. A Blameless Postmortem meeting is organized after every incident. In case of major technical breakdowns, there is a tested disaster recovery process.
Continuity
We have an established Business Continuity Plan.
Encryption (At Rest and in Transit)
All communication to and from the Fluid Topics service is encrypted with AES-256 encryption and TLS 1.3 (or 1.2 if access from older devices is required).
Compliance
Risk Management
We have defined processes and procedures for managing and assessing information systems and operational security risks. Regular assessments are performed to identify and assess the likelihood and impact relating to risks. These risks can include those regarding unauthorized access, use, disclosure, or disruption to Fluid Topics systems and customers. Risks are categorized in accordance with a formally documented procedure.
Audit
We are subject to several audits each year, both internal and external, to ensure security is upheld and continuously improved.
Legal and Regulatory Compliance
We are committed to maintaining compliance with all regulatory, legislative, and contractual requirements and continually assess relevant rules and legislation affecting our business.
Human Resources
NDA
Non-disclosure agreements are signed with all employees and relevant third parties before gaining access to sensitive information. The NDAs are valid during and after contract termination.
Security Training
Participation in Fluid Topics’ Security training is mandatory for all employees. Personnel whose roles may bring them into contact with customer data are also required to undertake additional training.
Access Control
Access is restricted to authorized users or processes based on job function and in line with the principle of least privilege. An extensive access control review is performed quarterly. Employees exiting Fluid Topics have all external access removed on the day they leave the company (other credentials requiring internal access are removed within 1 business day).
All Fluid Topics employees must use a unique password for each of their work-related accounts. Passwords are not to be shared with anyone, including managers and colleagues. All passwords are treated as sensitive, confidential Fluid Topics information.
Each customer’s platform settings, documentation, and analytics in Fluid Topics may be accessed for support purposes, subject to approval by the customer.
AI in Fluid Topics
AI Availability
All customers may take advantage of our AI features. Customers may contact our customer success team for more information on how to test the features and upgrade their subscription.
Content Security
Our AI setup values your privacy and security. We run embeddings computations and the vector database internally, so no content is ever leaked to external sources. We also provide content access rights management, so that customers using Fluid Topics’ Retrieval Augmented Generation (RAG)-enabled tools provide each user only with the information that user is authorized to see via the RAG system.
Encryption
The same level of data encryption is used across Fluid Topics services and AI tools: AES-256 encryption and TLS 1.3 (or 1.2 if access from older devices is required).
LLM Privacy and Hallucinations
Each customer is free to select their preferred Large Language Model (LLM) to access natural language processing for AI and RAG-enabled tools within Fluid Topics. Customers should check the privacy policy on the website of their chosen LLM for security specifics.
If the accuracy of generated responses does not meet expectations, customers have the option to choose another LLM.