Security

Our Security Architecture

Security is not a feature of VelorQ — it is the foundation. Every architectural decision in the platform is made with data security as a primary constraint, not an afterthought. Here is what that means in practice.

Six-Layer Data Isolation

VelorQ's most important security property is that your organisation's data never reaches any other customer. This is enforced through six independent architectural isolation layers:

• Layer 1 — Network isolation: Customer environments run in dedicated network segments with no cross-customer routing.
• Layer 2 — Compute isolation: AI inference and data processing run in isolated compute contexts per organisation.
• Layer 3 — Storage isolation: All data is stored in organisation-specific encrypted storage with no shared databases.
• Layer 4 — Model isolation: Domain models (AURA, SAGE, NOVA) never train on customer data or share parameters across organisations.
• Layer 5 — API isolation: Every API call is authenticated and scoped to a single organisation. Cross-organisation calls are architecturally impossible.
• Layer 6 — Audit isolation: Every action generates an immutable, organisation-specific audit log that cannot be modified or accessed by other parties.

Encryption

• At rest: All data is encrypted using AES-256.
• In transit: All communications use TLS 1.3. No unencrypted transmission is permitted.
• Key management: Encryption keys are managed per organisation and rotated regularly.

Compliance Standards

• ISO 27001 aligned information security management
• India Digital Personal Data Protection (DPDP) Act 2023 compliant
• HIPAA-aligned data handling for healthcare customers
• India data residency — customer data remains within India
• Immutable audit trail on every AI action for regulatory traceability

Access Controls

VelorQ enforces role-based access control (RBAC) across all platform functions. All administrative access requires multi-factor authentication. Access is granted on the principle of least privilege.

Vulnerability Management

We conduct regular security assessments and penetration testing. Identified vulnerabilities are tracked, prioritised, and remediated according to a defined severity framework.

Reporting a Security Issue

If you discover a security vulnerability in VelorQ.ai, please report it responsibly to security@velorq.ai. We will acknowledge your report within 48 hours and keep you informed of our response. We ask that you do not publicly disclose the issue until we have had the opportunity to address it.

Contact

For security enquiries: security@velorq.ai