Security & Compliance

Enterprise-Grade Security

Your data security is our top priority. SimUser AI implements privacy-preserving practices at every layer.

Architecture Security Layers

Defense in depth — five layers protecting your data at every level.

WAF & Rate Limiting

Web Application Firewall and intelligent rate limiting protect against DDoS, brute force, and abuse.

Network Isolation

VPC-based network isolation with private subnets, security groups, and no public-facing database endpoints.

Credential Encryption

AES-256 encryption at rest via AWS Secrets Manager. TLS 1.3 in transit for all data. Credentials never logged or sent to LLM endpoints.

Database Isolation

Per-tenant data isolation with dedicated encryption keys. No cross-customer data mixing in LLM calls or storage.

Audit Logging

Comprehensive audit trail for all data access, credential usage, and administrative actions.

AI/LLM Security Commitments

What we promise about how we use AI foundation models with your data.

No Training on Customer Data

Your application data, screenshots, and test results are never used to train any AI model.

Zero Model Provider Access

AWS Bedrock ensures model providers (Anthropic) have zero access to your prompts and completions.

ISO/IEC 42001

AWS Bedrock holds ISO/IEC 42001 certification — the international standard for AI management systems.

Private Connectivity

AWS PrivateLink ensures LLM API calls never traverse the public internet.

AI Guardrails & PII Masking

Automatic PII detection and masking in screenshots before any data is sent to LLM inference endpoints.

Compliance Roadmap

Our path to comprehensive compliance coverage.

GDPR

Planned

DPIA templates, SCCs for cross-border transfers, Article 25 data protection by design.

SOC 2 Type II

Q4 2026

SOC 2 Type II certification planned for Q4 2026, covering security, availability, and confidentiality.

LGPD

Planned

Data subject requests within 15 days, breach notification within 72 hours, ANPD-approved SCCs.

ISO 27001

2028

Information security management system certification planned for 2028.

Data Protection by Design

Privacy is built into every layer of SimUser AI, not bolted on.

PII Detection & Masking

Screenshots are processed to detect and redact PII (names, emails, addresses, phone numbers, financial data) before storage or LLM transmission.

Credential Isolation

AES-256 encryption at rest, TLS 1.3 in transit. Stored in AWS Secrets Manager, never logged or transmitted to LLM endpoints.

Configurable Retention

Default 30-day retention with customizable policies. Customers can set shorter retention or trigger immediate deletion.

Per-Tenant Data Isolation

Each customer's data is isolated — no cross-customer data mixing in LLM calls, no shared storage buckets, no aggregated training.

Have security questions?

Security is core to our team, which has spent years leading SRE and security teams. We're happy to walk through our security architecture in detail.
