Security Architecture
Dainin employs a layered security architecture designed to protect data across infrastructure, application, and operational layers.
[Diagram: Platform Security Architecture, showing the layers Users & Clients, Application Layer, AI Processing & Platform Services, and Cloud Infrastructure Layer]
Architecture Overview
Infrastructure Layer
Cloud hosting, network security, and physical infrastructure protections.
Application Layer
Authentication, access control, and application-level security measures.
AI Processing Layer
External LLM provider management and data minimisation controls.
Operational & Governance Layer
Policies, monitoring, incident response, and compliance oversight.
Infrastructure Layer
Our platform is hosted on enterprise-grade cloud infrastructure providers with comprehensive security certifications.
- Amazon Web Services (AWS): SOC 1/2/3, ISO 27001, PCI DSS
- Google Cloud Platform (GCP): SOC 1/2/3, ISO 27001, PCI DSS
Protections include:
- Encrypted data in transit (TLS 1.2+)
- Network segmentation and firewall rules
- DDoS protection and traffic filtering
- Automated infrastructure patching
- Geographic redundancy and disaster recovery
Application Layer
The application layer implements multiple security controls to protect user data and enforce access policies.
Role-Based Access Control
Granular permissions based on user roles and responsibilities.
Admin Access Controls
Elevated access requires additional authentication and audit logging.
Authentication
Secure authentication with session management and token-based access.
Real-Time Monitoring
Continuous monitoring of application behaviour and anomaly detection.
AI Processing Layer
AI processing is handled through external LLM providers with strict data minimisation controls. We do not train models on customer data.
External LLM Providers:
Data Minimisation Practices:
- Only relevant data segments are sent to LLM providers
- No customer data is used for model training
- Prompts are sanitised to remove unnecessary sensitive information
- Data retention at provider level follows contractual agreements
Data Flow Overview
Customer Input
User submits data through the platform interface via encrypted connection.
Platform Processing
Application layer processes the request with RBAC validation and input sanitisation.
AI Processing
Relevant data is sent to external LLM providers with minimal data exposure.
Results Returned
AI-generated results are returned to the platform and delivered to the user.
Logging & Audit
All interactions are logged for monitoring, audit, and compliance purposes.
Monitoring & Logging
Comprehensive monitoring and logging are implemented across all layers of our architecture to ensure visibility into system behaviour and rapid incident detection.
- Centralised logging of application and infrastructure events
- Real-time alerting for security-relevant events
- Audit trails for administrative and privileged actions
- Performance monitoring and anomaly detection
- Log retention in accordance with our data retention policy
Access Management
Access to systems and data is managed through strict controls to ensure the principle of least privilege is enforced at all levels.
- Role-based access control (RBAC) across all platform components
- Principle of least privilege for internal and external access
- Regular access reviews and permission audits
- Multi-factor authentication for administrative access
- Automated deprovisioning on role changes or offboarding
Security Governance
Our security governance framework ensures that security is embedded into every aspect of our operations and development processes.
- Documented security policies and procedures
- Regular security assessments and risk reviews
- Incident response plan and escalation procedures
- Employee security awareness training
- Vendor security assessment programme
- Change management and secure development lifecycle
Related Security Resources
For questions about our security architecture or to request detailed documentation, contact our security team.
security@dainin.ai