Company Policies

These policies document the security controls and operational practices implemented at Projan AI Ltd. Each policy is derived from our production infrastructure, application code, and deployment pipelines.

Access Control

Authentication, authorisation, session management, and account lifecycle controls.

Encryption & Key Management

Encryption at rest, in transit, key derivation, secret storage, and cryptographic controls.

Network Security

Network architecture, environment isolation, traffic controls, and infrastructure security.

Logging & Monitoring

Structured logging, PII protection, monitoring, alerting, and incident detection controls.

Change Management

Code change controls, CI/CD pipeline, deployment safeguards, and environment promotion.

Data Protection

Data categories, minimisation, retention, subject rights, AI data handling, and processor transparency.

Asset Inventory

Technology assets, data stores, third-party services, and data classification framework.

Contact

For questions about these policies or to report a security concern, contact security@projan.ai.