Architecture
YourAI runs entirely on AWS infrastructure in US regions. The stack is Next.js 15 (frontend) + FastAPI on ECS Fargate (backend) + Aurora PostgreSQL v2 with pgvector (database). There are no shared databases, no shared storage buckets, and no cross-org data paths.
Encryption
AES-256 at rest via AWS KMS (per-org keys). TLS 1.3 in transit. VPC endpoints for all internal AWS service communication.
Access Control
4-role RBAC (Admin/Manager/Associate/Client) enforced at the database level via Row-Level Security. Enforcement is in the database rather than in application code, so RLS can't be bypassed by code bugs.
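As an added illustration of how database-level RLS enforces both per-org isolation and the four-role model (example code, not YourAI's actual schema or policies): it assumes the application authenticates the user and then sets the tenant, role and user id in session settings named app.org_id, app.role and app.user_id, which are hypothetical names.

```sql
-- Constructed example table; column and setting names are assumptions.
CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    org_id    uuid NOT NULL,
    owner_id  uuid NOT NULL,
    title     text NOT NULL,
    body      text
);

-- The application connects as an unprivileged role, never as the table owner.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policies to the table owner as well; without it the
-- owner (and any superuser) bypasses RLS entirely.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Tenant isolation: every read and write is confined to the caller's org.
-- current_setting(..., true) returns NULL when the setting is absent, and a
-- NULL comparison denies the row, so a request with no context fails closed.
CREATE POLICY org_isolation ON documents
    FOR ALL TO app_user
    USING (org_id = current_setting('app.org_id', true)::uuid)
    WITH CHECK (org_id = current_setting('app.org_id', true)::uuid);

-- Role scope: Admin/Manager/Associate see every document in their org,
-- Client sees only documents they own. Permissive policies are ORed
-- together, so this one is RESTRICTIVE (ANDed) to narrow org_isolation
-- rather than widen it.
CREATE POLICY role_scope ON documents
    AS RESTRICTIVE FOR SELECT TO app_user
    USING (
        current_setting('app.role', true) IN ('Admin', 'Manager', 'Associate')
        OR owner_id = current_setting('app.user_id', true)::uuid
    );

-- Per request the backend sets the context inside the transaction, so it
-- cannot leak into the next pooled connection user:
-- BEGIN;
-- SET LOCAL app.org_id  = '<org uuid>';
-- SET LOCAL app.role    = 'Client';
-- SET LOCAL app.user_id = '<user uuid>';
-- SELECT id, title FROM documents;  -- only this client's rows in this org
-- COMMIT;
```

A quick check that the policies are in force is to run the SELECT above with app.org_id unset or with a foreign org id and confirm that zero rows return.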
Network Security
All services run in private VPC subnets. No public-facing databases. WAF + CloudFront for DDoS protection. Security groups restrict all traffic to least-privilege.
Incident Response
Documented IR plan with defined roles and escalation paths. Breach notification within 72 hours (GDPR) / 60 days (HIPAA). Post-incident review process for every event.
Vulnerability Management
Automated dependency scanning, container image scanning, and quarterly penetration testing by third-party firms. Critical vulnerabilities patched within 24 hours.
Authentication
AWS Cognito with MFA enforcement. SAML/SSO available on Enterprise tier. Session tokens expire after 24 hours. All auth events logged to immutable audit trail.
Compliance Certifications
| Certification | Status | Scope |
|---|---|---|
| SOC 2 Type I | ✓ Certified | Security + Confidentiality + Availability |
| SOC 2 Type II | In Progress (2026) | Full 5 trust service criteria |
| HIPAA | ✓ Aligned | BAAs available, technical safeguards implemented |
| VADA | ✓ Partner | Document authentication and verification |