Gridex AIGridex AI

Information Security Policy

Last updated: November 2025

1. Purpose and Scope

This Information Security Policy establishes the framework for protecting Gridex AI's information assets, customer data, and technology infrastructure. The policy defines security standards, responsibilities, and procedures to ensure the confidentiality, integrity, and availability of all information systems.

Scope: This policy applies to all employees, contractors, consultants, temporary workers, and third parties who access Gridex AI systems, networks, or data, regardless of location or device ownership.

2. Roles and Responsibilities

Information security is a shared responsibility across the organization:

2.1 Security Officer

Name: Tamas Szilagyi

Email: [email protected]

Responsibilities:

  • Overall management of information security program
  • Security incident response coordination
  • Security policy development and enforcement
  • Security risk assessment and mitigation
  • Compliance monitoring and reporting
  • Security awareness and training coordination

2.2 All Personnel

  • Protect company and customer data from unauthorized access
  • Use strong authentication and follow password policies
  • Report security incidents and suspicious activities immediately
  • Complete required security awareness training
  • Comply with all information security policies
  • Use company resources responsibly and ethically

3. Data Classification

Gridex AI classifies data into three categories to determine appropriate security controls:

3.1 Public Data

Information intended for public disclosure or already publicly available.

Examples:

  • Marketing materials and public website content
  • Published product documentation
  • Public blog posts and press releases

Controls: No special handling required, but integrity must be maintained.

3.2 Confidential Data

Internal business information that could harm the company if disclosed.

Examples:

  • Business plans and internal strategies
  • Financial information and pricing models
  • Employee information (non-sensitive)
  • Internal technical documentation
  • Non-public product roadmaps

Controls: Access restricted to employees with business need; encrypted in transit; secure storage required.

3.3 Highly Confidential Data

Sensitive information that could cause significant harm if disclosed, including all customer data.

Examples:

  • Customer personal data (names, emails, business information)
  • Customer conversation logs and AI interactions
  • Authentication credentials and API keys
  • Subscription status metadata (payment processing handled by Stripe, a PCI-compliant third party - we do not store credit card data or invoices)
  • OAuth tokens for third-party integrations (Google Calendar, Meta Messenger/WhatsApp)
  • Customer knowledge base documents and embeddings
  • Security configurations and vulnerability information
  • Source code and proprietary algorithms

Controls: Strict access controls with MFA required; encrypted at rest and in transit; audit logging enabled; regular access reviews; secure deletion procedures.

4. System Architecture and Trust Boundaries

Gridex AI operates a cloud-native architecture entirely within the Microsoft Azure ecosystem. This section describes the system components, trust boundaries, and data flows.

4.1 System Components

4.2 Trust Boundaries

Trust boundaries define where data crosses from untrusted to trusted zones. Gridex AI enforces security controls at the following boundaries:

5. Access Control and Authentication

Gridex AI implements strong access controls to protect systems and data:

5.1 Authentication Requirements

5.2 Access Control Principles

5.3 Password Policy

  • Minimum 12 characters for all accounts
  • Must not be reused across Gridex AI and personal accounts
  • Change immediately if compromise suspected
  • Never share passwords with anyone, including IT support
  • Do not write down or store unencrypted
  • Avoid common patterns (e.g., "Password123", "Welcome123")

6. Data Protection and Encryption

Gridex AI implements comprehensive encryption to protect data throughout its lifecycle:

6.1 Encryption Standards

6.2 Infrastructure Security

6.3 AI Model Data Protection

Customer data used with AI models receives special protection:

  • Azure OpenAI Service ensures customer prompts and completions are NEVER used to train AI models
  • Customer data is NOT available to Microsoft or other Azure customers
  • Data remains exclusively within customer's Azure tenant
  • Complete data isolation between different Gridex AI customers
  • No human reviewers access customer data without explicit permission

7. Email and Communications Security

7.1 Email Usage Policy

8. Network and Wireless Security

8.1 Wireless Network Security

9. Security Incident Response

Gridex AI maintains a comprehensive Incident Response Policy to handle security events effectively.

For detailed incident response procedures, severity classifications, and response times, please refer to our Incident Response Policy.

10. Business Continuity and Disaster Recovery

Gridex AI maintains business continuity and disaster recovery capabilities to ensure service availability:

10.1 Data Backup and Recovery

11. Employee Responsibilities

All Gridex AI personnel must adhere to the following security practices:

12. Policy Compliance and Enforcement

12.1 Compliance Monitoring

  • Regular security audits and vulnerability assessments
  • Automated security monitoring and alerting
  • Access log reviews and anomaly detection
  • Periodic security awareness training and testing
  • Third-party security assessments and penetration testing

13. Policy Review and Updates

This Information Security Policy is reviewed and updated at least annually, or more frequently in response to significant security incidents, regulatory changes, or business needs. All personnel will be notified of material changes and required to acknowledge updated policies.

14. Questions and Contact Information

For questions about this Information Security Policy or to report security concerns:

Security Officer: Tamas Szilagyi

Email: [email protected]

TeleCetli Kft.

7634 Pécs, Darázs dűlő 70., Hungary

Legal

Privacy PolicyTerms of ServiceCookie Settings

Security

Information SecurityIncident ResponseVulnerability Disclosure

Help

Support

© 2026 Gridex AI. All rights reserved.

Back to Gridex AI