Operational Overview
- Cloud-oriented architecture designed for deployment flexibility across major providers.
- Strictly gated product access through a direct sales/demo process.
- High-level public pipeline descriptions with no proprietary model or internal data-flow disclosure.
Website and API Controls
- TLS-enabled deployment expected at edge and application layers.
- Input validation and structured request handling for contact-sales API.
- Anti-spam controls: hidden-field trap and request rate limiting.
- Security headers: CSP, anti-framing policy, strict referrer policy, and content-type hardening.
Data Protection Posture
- Inquiry data stored in controlled backend storage with restricted team access.
- Administrative retrieval endpoints protected by token-based controls.
- Data minimization by collecting only business-contact fields required for sales/demo qualification.
Infrastructure Notes (MVP)
- MVP currently tested with labs at Nazarbayev University.
- Infrastructure strategy is cloud-agnostic (GCP, AWS, Azure, Oracle, and similar).
- Certification statements are intentionally non-committal at MVP phase.
Responsible Disclosure
If you identify a potential vulnerability, report it privately to security@denovox.org with reproduction details and impact assessment.
We review reports in good faith and coordinate remediation communications directly with reporters.