Your documents contain sensitive, often confidential information. We built Sidera with security as a first principle — not an afterthought. Here’s exactly how we protect your data.
Encryption
At rest. All documents and data stored on our infrastructure are encrypted using AES-256. Encryption keys are managed separately from the data they protect.
In transit. All data transmitted between your device and our servers is protected with TLS 1.2 or higher. We enforce HTTPS across all endpoints with HSTS headers.
Access Controls
Access to production systems is restricted to authorized personnel only. It is enforced by multi-factor authentication and by role-based permissions that follow the principle of least privilege. Each user and team operates in a logically isolated environment — your documents are never accessible to other organizations, and access is enforced at the API and database layers.
Document Handling
We understand that the documents you upload may contain highly sensitive information — NDAs, contracts, litigation materials, financial filings. We treat every uploaded document with the same level of care:
- Documents are stored encrypted and scoped exclusively to your account or team
- Documents are never used to train AI models
- Documents are never shared with other customers
- AI inference is performed using your document content on a per-request basis only
- Upon account deletion, documents are purged within 30 days
Authentication
Sidera uses secure, token-based authentication. User sessions are managed with short-lived JWT tokens and refresh token rotation. Passwords are never stored in plaintext — only salted cryptographic hashes are retained.
We recommend using a unique, strong password or a password manager. If you believe your account has been compromised, you can revoke all sessions immediately from within the application.
Infrastructure
Sidera is hosted on enterprise-grade cloud infrastructure with redundancy and availability guarantees. Our backend is built in Rust — a memory-safe language that eliminates entire classes of vulnerabilities like buffer overflows and use-after-free bugs common in other server-side languages.
We operate in environments with network-level firewalls, private VPC configurations, and no unnecessary publicly exposed services. Our infrastructure is continuously monitored for anomalous access patterns and potential security incidents. Databases are backed up regularly with point-in-time recovery and stored in geographically separated locations.
Responsible Disclosure
If you discover a potential security vulnerability in Sidera, we ask that you report it to us responsibly before making it public. We commit to acknowledging your report within 48 hours and working with you to resolve confirmed issues promptly.
To report a vulnerability, email us at security@siden.ai. Please include a description of the issue, steps to reproduce, and your contact information. Do not include sensitive data in your report.
Questions
If you have questions about our security practices, contact us at security@siden.ai.