Information Security Policy
Last updated: October 6, 2025
At Subduxion, we treat information security as a core part of how we design, build, and operate our AI systems and managed solutions. We follow ISO 27001 principles in practice, even though we’re not formally certified.
How we keep your data safe
Access control: Only authorized team members can access client data, and only when necessary. Access is role-based, logged, and removed immediately when someone leaves a project.
Secure devices: All company laptops are managed through MDM - encrypted, locked, and remotely wipeable if lost or stolen.
Strong authentication: We enforce password managers, strong unique passwords, and multi-factor authentication (whenever possible) across all internal and cloud systems.
Encrypted connections: All data in transit uses modern encryption (TLS 1.2+), and all major systems encrypt data at rest.
Responsible development: We review code before deployment, keep dependencies up to date, and limit access to production systems.
Vendors and hosting: We host with trusted, EU-based providers who meet ISO 27001 or SOC 2 standards and comply with GDPR. We vet every sub-processor for security and privacy compliance.
Incident response: If something ever goes wrong, we act fast - incidents are logged, reviewed, and if data were ever at risk, we’d notify clients without unnecessary delay.
Continuous improvement: As we grow, our practices evolve. Regular reviews keep our security controls practical, effective, and relevant.
Our mindset
Security isn’t paperwork - it’s a habit at Subduxion. Every person on our team understands the responsibility that comes with handling client data and technology.
For any security questions or concerns, reach us at security@subduxion.com