Technical Documentation

Enterprise Security Whitepaper

This document outlines Sunray Labs AI's security architecture, encryption standards, penetration testing methodology, audit logging practices, and data lifecycle controls for enterprise deployments.

Encryption Standards

All data in transit is protected with TLS 1.3. Data at rest uses AES-256 encryption with keys managed through a dedicated KMS with automatic rotation. Customer-specific encryption keys are available for enterprise tier deployments.

  • TLS 1.3 for all API and web traffic
  • AES-256 at rest for databases, object storage, and backups
  • Envelope encryption with per-tenant key isolation (enterprise)
  • Secrets stored in hardware-backed vaults, never in source code

Penetration Testing

Sunray Labs conducts annual third-party penetration tests against production-adjacent environments. Findings are triaged by severity, remediated within SLA windows, and re-tested before closure.

  • Annual external penetration test by an accredited firm
  • Quarterly automated vulnerability scanning
  • Critical findings remediated within 72 hours
  • Summary reports available to enterprise customers under NDA

Audit Logging

Every administrative action, model invocation, and data access event is logged with timestamp, actor identity, and resource identifier. Logs are immutable, retained per contract, and exportable for compliance audits.

  • Structured audit logs with tamper-evident storage
  • SIEM integration via standard export formats
  • Role-based access reviews logged and reportable
  • AI inference requests logged with prompt hash (not raw content) by default

Data Lifecycle

Customer data follows a defined lifecycle: ingestion, processing, retention, and deletion. Data residency options are available for regulated industries. Customer datasets are never used to train shared models without explicit contractual consent.

  • Configurable retention policies per data class
  • Certified deletion on contract termination
  • Data residency: US, EU regions (enterprise)
  • No cross-tenant data mixing in multi-tenant deployments

Request Full Documentation

Enterprise customers receive the complete 40-page technical pack, including a SOC 2 readiness summary, subprocessor list, and incident response procedures.

Contact security@sunraylabs.ai for access under NDA.