Security

This Security Policy (hereinafter the “Policy”) outlines the organizational and technical measures implemented by Plaida across its platform, designed to prevent any unauthorized access, use, alteration, or disclosure of Customer Data. Plaida’s services (hereinafter the “Services”) are hosted on highly secure Canadian cloud platforms. Plaida is committed to providing an artificial intelligence (AI) photo generation service that complies with data privacy and security requirements.

1. Automated Deployment Process

Plaida has implemented functional and regularly used automation processes, allowing for the secure and reliable deployment of changes to its application and operating platform within minutes.

As code deployments are generally performed on a regular basis, Plaida is confident in its ability to promptly implement required security patches.

2. Authentication

Plaida uses passwordless authentication. This modern approach to account security offers several significant advantages over traditional password-based systems.

3. Application Monitoring

Plaida employs application monitoring tools to identify and resolve incidents quickly. All access to Plaida is logged. Actions taken on production consoles are recorded.

4. Data

The protection of the Customer’s personal data, including the photographs they upload, is an absolute priority for Plaida. Plaida undertakes to comply with applicable regulations regarding the processing of personal data. Photographs uploaded by the User are used solely for the purpose of training their own generative image AI model, exclusively within the scope of the Service offered to the Customer. These photographs are stored temporarily. In accordance with the Customer’s instructions, photographs uploaded by the User are destroyed by Plaida within thirty (30) days of their upload.

Customer Data is stored in multi-tenant databases; Plaida does not maintain separate databases for each client. Notwithstanding the foregoing, rigorous privacy controls are integrated into Plaida’s application code, designed to ensure the logical segregation of data and prevent one client from accessing another client’s data. Each Plaida system used for processing Customer Data is configured and patched using commercially reasonable methods and in accordance with industry-recognized system security standards. Plaida uses certain sub-processors for the processing of Customer Data.

5. Data Transfer

The Plaida Service is fully accessible via HTTPS. All data transmitted to or from the Plaida platform is encrypted in transit using a robust encryption algorithm. Plaida API and application endpoints exclusively use TLS/SSL protocols. Plaida encrypts all sensitive data at rest using an industry-standard encryption algorithm.