Security

Virtual Minds Ltd is an ADGM-registered company. We protect your data with a layered set of technical and organisational controls on Google Cloud Platform, aligned with the ADGM Data Protection Regulations 2021.

☁️

Built on Google Cloud

Our platform runs on Google Cloud Platform, leveraging enterprise-grade infrastructure for security, scalability, and global availability.

☁️

Infrastructure

  • Hosted on Google Cloud Platform (GCP) with enterprise-grade SLA
  • Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • VPC isolation with private networking between services
  • Automated scaling and load balancing for high availability
  • Multi-region backup and disaster recovery capabilities

📋

Data Protection

  • Processing aligned with the ADGM Data Protection Regulations 2021 (DPR 2021)
  • Documented lawful bases and purposes for each category of processing
  • Written processor agreements with sub-processors handling personal data
  • Standard contractual clauses applied to cross-border transfers where required
  • Data subject rights workflow — access, rectification, erasure, restriction, objection, portability

🔐

Application Security

  • Secure software development lifecycle (SSDLC)
  • Input validation and output encoding to prevent injection attacks
  • Role-based access control (RBAC) with least-privilege principles
  • API authentication via OAuth 2.0 and API keys
  • Dependency scanning and automated vulnerability detection

🛡️

Data Privacy

  • User data segregation across tenant boundaries
  • Configurable data retention policies
  • Right to deletion — full data erasure on request
  • Anonymization for analytics and model improvement
  • No sale of personal data to third parties

🚨

Incident Response

  • Infrastructure monitoring and alerting on availability and security events
  • Documented incident response procedures with defined escalation paths
  • Post-incident review and remediation tracking
  • Personal data breach notification to the ADGM Office of Data Protection without undue delay and, where feasible, within 72 hours, as required by the DPR 2021
  • Affected individuals notified without undue delay where a breach is likely to result in a high risk to their rights

Security questions?

For security enquiries, vulnerability reports, or data protection requests, contact our team.