ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
2
NameObviously AI
3
DocumentSecurity FAQs
4
Last Updated01/04/2022
5
6
Before your begin, please review our security compliance overview document:
https://www.obviously.ai/security
7
8
#TopicQuestionAnswer
9
10
1Product
11
1.1CompanyObviously AI, Inc. a Delaware corporation
12
1.2ProductObviously AI
13
1.3SolutionA No-Code Machine Learning tool for business users.
14
1.4User ScenarioUser uploads dataset or connects to database system. User picks column they want to predict. Obviously AI automatically builds an algorithm to make that prediction, deploys it on cloud server and displays a prediction report.
15
16
2Security & Oversight
17
2.1Is there a formal program in place for security?Yes
18
2.2Name of individual that oversees securityTapojit Debnath
19
2.3Title of individual that oversees securityChief Technology Officer
20
2.4Contact of individual that oversees securityinfo@obviously.ai
21
2.5Where can we find a privacy policy?https://www.obviously.ai/privacy-policy
22
2.6Where can we find a terms of use document?https://www.obviously.ai/terms-of-use
23
24
3Cloud Server
25
3.1What cloud service is used?Google Cloud Computing Services (GCP)
26
3.2Which server region does the platform run on?US-West 2
27
3.3Where can we find compliance overview for GCP?https://cloud.google.com/security/compliance
28
3.4Is Obviously AI compliant with GCP security and regulations?Yes
29
30
4Access Control
31
4.1Does Obviously AI provide Multi-factor authentication?Yes, for Pro Plus plans only.
32
4.1Does Obviously AI have "access control functions" by IP address, Mac address, or Electronic Certificate, when users access to your Dashboard?Yes, for Pro Plus plans only.
33
34
5Data Export
35
5.1What kind of data can users export?- CSV containing predictions output
- CSV containing analytics output
- PNG images of graphs in Analytics
- Google Drive Spreadsheet containing predictions output
- Shareable Report URL
36
37
6Storage & Backup
38
6.1How does Obviously AI backup and restore systems on GCP?- Relational DB backups are made by Cloud SQL
- GCS buckets, Datastore are backed up daily by cron jobs
39
6.2Can Obviously AI backup user's account information like login ID?Yes. All storage solutions we use are backed up daily.
40
41
7Log Data
42
7.1What kind of logs does Obviously AI keep?API error logs with stack trace.
43
7.2How long are the logs stored?1 Month
44
7.3Does Obviously AI record administrator's operations on logs?Yes
45
7.4Can administrator manage access of other users?Yes
46
7.5Can user see logs?No
47
7.6Does Obviously AI record user's IP addresses when they login?Yes
48
49
8Support
50
8.1Where can we find system operation status and informations about system failure?https://status.obviously.ai/
51
8.2Does Obviously AI contact user via email or phone when system is stopped for maintainance?Yes
52
8.3Does Obviously AI contact user via email or phone when system faces and unexpected shutdown?Yes
53
54
9Security Audits
55
9.1Does Obviously AI have any third-party certification for your system security?No
56
9.2Does Obviously AI take any safety measures prevent computer virus and malicious softwares?Yes, our application components are hosted on a VPC, client (browser) communication is SSL- encrypted and all CSV file data is end-to-end encrypted.
57
9.3What measures does Obviously AI take to improve avalilability of the platform?We use Kubernetes components that Autoscale on increased traffic/pod failure. This handles both Redundant constitution and Server duplication.
58
59
10
Unauthorized access countermeasures
60
10.1Does Obviously AI conduct the following vulnerability inspections for its web application: Penetration test on Web server
- Dynamic program analysis for programs
- Static program analysis for programs
- Measures in which you can develop system without vulnerability
- No
- Yes, our automated scripts run detailed checks during build time to ensure website routes behave as anticipated.
- Yes, we use code linters/syntax checkers appropriate to programming language.
- Yes, our scripts automatically run checks to ensure appropriate authentication guards are present on routes before deploying new code.
61
10.2What measures does Obviously AI take to prevent unauthorized access for safety?We use Google Cloud Security Command Center to monitor and respond to all potential threats. This involves IPS / IDS, WAF and file tampering detection.
62
What measures does Obviously AI take to protect against DDOS?We take the following measures:
- VPC
- VPC Network Isolation via NAT
- Autoscaling via Kubernetes
- Internal Load Balancing 5. API rate limiting
- Resource Quotas
63
64
More questions? Feel free to contact us on:
info@obviously.ai
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100