Security Overview
Communication Encryption
All communications are protected with TLS 1.3 encryption.
Data Encryption
Stored data is encrypted using AES-256.
PII Protection
Automatically detects and masks personal information.
Audit Logs
Records all access and operations for traceability.
Data Encryption
Communication Encryption (In Transit)
| Item | Specification |
|---|---|
| Protocol | TLS 1.3 (TLS 1.2 supported) |
| Cipher Suite | AES-256-GCM, ChaCha20-Poly1305 |
| Certificate | 2048-bit RSA / ECDSA P-256 |
| HSTS | Enabled (max-age=31536000) |
Data Encryption (At Rest)
| Item | Specification |
|---|---|
| Encryption Algorithm | AES-256 |
| Key Management | AWS KMS (Key Management Service) |
| Database | Amazon RDS Encryption |
| Storage | Amazon S3 SSE-KMS |
PII (Personal Information) Protection
AITracer provides automatic detection and protection of personal information in LLM logs.
Auto-Detection Targets
- Email addresses: xxx@example.com, etc.
- Phone numbers: Japan, US, and international formats
- Credit card numbers: Major card brands supported
- Social Security Numbers (SSN): US format
- My Number: Japanese individual numbers
- IP addresses: IPv4, IPv6
Protection Methods
| Action | Description | Example |
|---|---|---|
| mask | Partial masking | user@***.com |
| redact | Complete removal | [REDACTED] |
| hash | Hashing | a1b2c3d4... |
| none | Detection only (no protection) | user@example.com |
SDK Configuration Example
```python
from aitracer import AITracer  # SDK import; the package name is assumed here

tracer = AITracer(
    api_key="at-xxxx",                                  # project API key (placeholder)
    pii_detection=True,                                 # enable PII detection
    pii_action="mask",                                  # one of: mask, redact, hash, none
    pii_types=["email", "phone", "credit_card"],        # restrict detection to these classes
)
```
PII detection runs locally
PII detection is performed within the SDK, and only detected/masked data is sent to the server.
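The detection targets, the four protection actions, and the "runs locally" property above can be exercised end to end with a small client-side masker. This is an added example, not AITracer SDK code: the regexes, the `luhn_ok`, `apply_action` and `protect` functions, the mask formats for non-email classes, and the sample log line are all constructed for illustration. It follows the table's conventions where it gives one (mask keeps `user@***.com`, redact emits `[REDACTED]`, hash is a SHA-256 digest) and covers email, phone, credit card (with a Luhn check), US SSN and IPv4; the generalisation to overlap resolution between classes goes beyond what the page shows.

```python
import hashlib
import re

# Illustrative detection patterns for the PII classes listed above (not the SDK's own).
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,18}\d\b"),   # 14-19 digits, spaces/dashes allowed
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),              # US format
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "phone": re.compile(r"\+?\d[\d\-\s()]{8,}\d"),            # loose; evaluated last
}
# Evaluation order: specific classes first, so a card number is not reported as a phone number.
PRIORITY = ["credit_card", "email", "ssn", "ipv4", "phone"]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters arbitrary digit runs out of the credit_card matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def apply_action(kind: str, value: str, action: str) -> str:
    """Implements the four actions from the protection-methods table."""
    if action == "none":
        return value
    if action == "redact":
        return "[REDACTED]"
    if action == "hash":
        # Full SHA-256 hex digest; the table shows the digest truncated ("a1b2c3d4...").
        return hashlib.sha256(value.encode("utf-8")).hexdigest()
    if action == "mask":
        if kind == "email":                       # user@***.com: keep local part and TLD
            local, _, domain = value.partition("@")
            return f"{local}@***.{domain.rsplit('.', 1)[-1]}"
        if kind == "ipv4":                        # keep only the first two octets (assumed format)
            return ".".join(value.split(".")[:2] + ["*", "*"])
        digits = re.sub(r"\D", "", value)         # card / phone / ssn: keep the last four digits
        return "*" * max(len(digits) - 4, 0) + digits[-4:]
    raise ValueError(f"unknown pii_action: {action}")


def protect(text: str, action: str = "mask", pii_types=None):
    """Detect PII in `text` locally and return (protected_text, findings).

    `findings` carries only the class and character span, never the raw value,
    so it can be forwarded together with the protected text; raw matches stay
    inside this process, mirroring the "only detected/masked data is sent" rule.
    """
    wanted = set(pii_types) if pii_types else set(PATTERNS)
    hits = []  # (start, end, kind, raw value)
    for kind in PRIORITY:
        if kind not in wanted:
            continue
        for m in PATTERNS[kind].finditer(text):
            start, end = m.span()
            if kind == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            if any(start < e and s < end for s, e, _, _ in hits):
                continue  # already covered by a higher-priority class
            hits.append((start, end, kind, m.group()))
    hits.sort()
    out = text
    for start, end, kind, raw in reversed(hits):  # rebuild from the end so offsets stay valid
        out = out[:start] + apply_action(kind, raw, action) + out[end:]
    findings = [{"type": kind, "span": (start, end)} for start, end, kind, _ in hits]
    return out, findings


# Constructed sample log line (not real data; 4111 1111 1111 1111 is a standard test number).
SAMPLE = ("User alice@example.com called from 192.168.1.10, "
          "card 4111 1111 1111 1111, phone +1-415-555-0123")

if __name__ == "__main__":
    for action in ("mask", "redact", "hash", "none"):
        protected, findings = protect(SAMPLE, action=action)
        print(f"{action:6} -> {protected}")
    print([f["type"] for f in findings])
```

Two design points worth noting: overlapping matches are resolved by class priority, so the card number is never double-reported as a phone number, and a digit run that fails the Luhn check can still be caught by the looser phone pattern, which is the conservative outcome for a log masker. The `pii_types` argument mirrors the SDK option of the same name, so `protect(line, "mask", ["email", "phone", "credit_card"])` leaves IP addresses untouched, as the configuration example above would.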
Infrastructure
Cloud Provider
AITracer runs on Amazon Web Services (AWS).
| Item | Details |
|---|---|
| Primary Region | Tokyo (ap-northeast-1) |
| Database | Amazon RDS (PostgreSQL), Multi-AZ configuration |
| Cache | Amazon ElastiCache (Redis) |
| Storage | Amazon S3 (99.999999999% durability) |
| CDN | Amazon CloudFront |
| WAF | AWS WAF (DDoS protection, SQLi/XSS prevention) |
Network Security
- VPC: Resource isolation with private subnets
- Security Groups: Access control based on least privilege principle
- Network ACL: Additional defense at subnet level
- AWS Shield: Protection against DDoS attacks
Access Control
Authentication
- Password Policy: Minimum 8 characters with complexity requirements
- Two-Factor Authentication (2FA): Available on all plans
- SSO: SAML 2.0 support on Enterprise plan
- Session Management: Auto timeout, concurrent session limits
Authorization (Role-Based Access Control)
| Role | Permissions |
|---|---|
| Owner | All operations, billing management, member management |
| Admin | Project management, alert settings, member invitations |
| Member | Log viewing, analytics, alert viewing |
| Viewer | Log viewing only |
API Key Security
- Key Rotation: Regular key updates recommended
- Permission Scopes: Access scope restriction per key
- Usage Monitoring: Request count tracking per key
- Instant Revocation: Immediate key invalidation when compromised
Compliance
GDPR Compliant
APPI Compliant
AWS Well-Architected
GDPR (EU General Data Protection Regulation)
- Data Subject Rights: Right of access, rectification, erasure, and portability
- Data Processing Agreement (DPA): Available for Enterprise plan
- Data Location: EU region selection available (Enterprise)
- Privacy by Design: Privacy considerations from the design stage
Japan's APPI (Act on Protection of Personal Information)
- Proper Acquisition: Purpose of use clearly stated
- Security Measures: Technical and organizational measures implemented
- Third-Party Provision: No provision to third parties without consent
- Disclosure Requests: Responses to requests from individuals
Planned Certifications
| Certification/Standard | Status | Timeline |
|---|---|---|
| SOC 2 Type II | In Progress | Q3 2025 |
| ISO 27001 | Planned | Q4 2025 |
| HIPAA | Under Consideration | TBD |
Incident Response
Monitoring System
- 24/7 Monitoring: Continuous system availability monitoring
- Anomaly Detection: Machine learning-based anomaly pattern detection
- Alerts: Immediate engineer notification upon anomaly detection
Incident Response Process
- Detection: Detection through monitoring systems or user reports
- Assessment: Evaluation of scope and severity
- Response: Containment and recovery operations
- Notification: Notification to affected users
- Post-Mortem: Root cause analysis and prevention measures
SLA (Service Level Agreement)
| Plan | Availability Guarantee |
|---|---|
| Free / Starter | - |
| Pro | 99.9% |
| Enterprise | 99.95% (customizable) |
Security Inquiries
For security questions, vulnerability reports, or compliance inquiries, please contact us.
- Security Team: support@aitracer.co
- Vulnerability Reports: support@aitracer.co
- Compliance: support@aitracer.co
If you discover a vulnerability, we ask for responsible disclosure. We will respond promptly after verification.
