Security Policy
Public-facing security documentation
This page is public-safe — designed for enterprise security questionnaires. Keep technical enough to be credible, without revealing architecture specifics.
1. Our security commitment
ATRIYA is built on the principle that security cannot be an add-on; it must be the substrate. Our entire architecture is designed to enforce constitutional governance over every AI action.
2. Infrastructure security
We utilise enterprise-grade cloud providers with robust physical and network security. All data is encrypted at rest and in transit using industry-standard cryptographic protocols.
3. Access control
ATRIYA uses a constitutional authority model for system and data access. This is structurally enforced at the substrate level, moving beyond traditional ACL-based security that can be easily bypassed.
4. Audit and logging
The platform maintains a hash-linked, immutable audit chain for all governed AI calls. Every decision, evaluation, and execution event is recorded and verifiable.
5. Vulnerability disclosure
We welcome responsible disclosure of potential security vulnerabilities. Please report any issues to security@atriya.systems for timely assessment and remediation.
6. Penetration testing
We conduct regular, independent penetration testing across our constitutional pipeline and audit infrastructure. Detailed reports are available to enterprise customers under NDA.
7. Incident response
We maintain a robust incident response policy with a commitment to notify affected customers within established regulatory timeframes.
8. Contact
For all security-related enquiries, please contact our security team at security@atriya.systems.