Mar 31, 2026
Trust & Compliance

Security Questionnaire

Procurement-ready responses to common enterprise and public-sector security questions. This page summarizes control intent; evidence is shared under NDA through the Trust Pack workflow.

Scope and posture

Responses reflect UmamiMind’s current pilot-stage posture and are intended to be accurate without overstating certifications. Where an item is deployment-dependent (e.g., hosting region, storage provider, SSO configuration), the Trust Pack includes the deployment-specific details.

Standard questions

Do you encrypt data in transit?
Yes. Network traffic is encrypted in transit using TLS.

Do you encrypt data at rest?
At-rest encryption is provided by the selected hosting/storage providers and the deployment configuration. UmamiMind is designed to use managed encryption features where they are available.

How do you enforce tenant isolation?
Tenant isolation is enforced through application-level authorization checks and role-scoped access paths. Administrative and sensitive actions are logged for auditability.

Do you support least privilege and RBAC?
Yes. RBAC and least privilege are applied to user and administrative access. Privileged actions generate audit events that can be reviewed.

What is your approach to vulnerability management?
We use dependency hygiene, regular updates, and security review practices. Vulnerability intake is supported via responsible disclosure, and remediation is tracked through change control.

How do you handle incident response and customer notifications?
Incidents are detected, triaged, and mitigated using runbooks. Customer notifications are targeted to affected customers. Templates and the post-incident review structure are available under NDA.

How is AI-driven automation governed?
Agents operate within policy-as-code guardrails. High-impact or irreversible actions require explicit human-in-the-loop (HITL) approval and are traceable through run logs, policy versions, and decision summaries.

Additional areas covered under NDA

  • Detailed subprocessor list for the target deployment (purpose, region, and safeguards)
  • Audit event taxonomy, sample evidence artifacts, and review cadence
  • Incident communications templates and post-incident review structure
  • Operational resilience assumptions (backup approach, recovery objectives, monitoring)
  • AI governance details (risk tiers, approval gates, and run traceability)

Pilot-stage notice

This content reflects pilot-stage operations; formal attestations and contractual SLAs are introduced as part of General Availability.
