drel
Security

We assess AI security.
We take ours seriously too.

Drel is built by security practitioners. We apply the same rigor to our own infrastructure that we help our customers apply to their AI systems.

TLS 1.2+Encryption in transit
AES-256Encryption at rest
MFARequired for all access
24/7Infrastructure monitoring
How we think about security

What we actually do.

Your data doesn't leave to train models

Assessment inputs are processed to generate your pack and nothing else. We don't use your system descriptions to train our models unless you explicitly opt in. When you do, content is anonymized before it touches any training pipeline.

Encrypted end to end, always

TLS 1.2+ in transit, AES-256 at rest. That includes assessment content, account data, and backups. There's no configuration where your data sits unencrypted.

We use Drel on ourselves

Every significant change to our infrastructure goes through a Drel assessment before it ships. We're not exempt from our own process — if anything, we're the most demanding customer.

Least privilege, no exceptions

Production access requires MFA and is scoped to what each person actually needs. We audit it. When someone leaves or changes roles, access is revoked the same day.

Dependencies are not an afterthought

We scan for known vulnerabilities on every deployment, not on a quarterly schedule. If a CVE drops in something we use, we know about it before most people have read the advisory.

No security theater

We're working toward SOC 2 Type II because enterprise customers need it, not because a badge makes us feel secure. The controls exist first; the audit comes second.

Compliance

Certifications & standards

We are working toward formal certifications and maintain compliance with applicable data protection regulations. Enterprise customers can request our security documentation.

Request security docs →
SOC 2 Type IIExpected Q3 2026
In progress
ISO 27001Roadmap 2026
Planned
GDPREU data processing
Compliant
CCPACalifornia privacy
Compliant

Found a vulnerability?

We appreciate responsible disclosure. If you've found a security issue in Drel, please report it to us before going public. We commit to:

  • Acknowledge your report promptly
  • Keep you informed as we investigate and fix the issue
  • Credit you in our security acknowledgments (if you wish)
  • Not pursue legal action for good-faith research
Security disclosure

Send your report to our security team. Please include a description of the vulnerability, steps to reproduce, and potential impact.

security@drel.ai

PGP key available on request. Please do not disclose publicly before we've had a chance to respond.