Treedis Trust Center
Your trust is our priority. Treedis is dedicated to maintaining the trust our customers place in us by safeguarding their data. We ensure this by prioritizing the security, privacy, and availability of information within our systems.
Compliance & Certifications
We are committed to transparency and upholding the highest standards of service through enterprise-grade certifications.

ISO 27001 & GDPR: We provide all clients with a Data Processing Addendum (DPA) to prove compliance with ISO 27001 and GDPR. Our ISO 27001 certificate is available upon request.

Privacy & DPA: In addition to our terms of use and privacy policy, we offer a DPA to ensure regulatory compliance.
Infrastructure & Reliability
Our infrastructure is built within the Amazon Web Services (AWS) ecosystem, following AWS best practices to ensure top-notch security and availability.

High Availability: We target 99.9% availability. Our infrastructure automatically adapts to user demand using Amazon ECS Auto Scaling and Amazon Aurora Auto Scaling.

Global & Mirrored Hosting: Our servers are primarily hosted in the AWS us-east-1 region. For enterprise clients, we can replicate the entire infrastructure to a specific region to create a "mirrored" environment.

Disaster Recovery (DR): Critical servers are distributed across multiple availability zones. If one data center fails, another seamlessly takes over to ensure minimal service disruption.

Backups: All databases are backed up daily at 3 AM UTC+0, with snapshots retained for 30 days.
Data Protection & Encryption
We employ rigorous encryption standards to protect data both in transit and at rest.

Encryption Standards: Treedis uses the TLS 1.3 protocol for data in transit. Data at rest within our AWS RDS relational databases is encrypted with AES-256.

Key Management: Encryption keys are stored separately and are accessible only to administrators with specific AWS IAM permissions using AWS KMS.

Sensitive Data: We do not process sensitive personal data such as credit cards (processed via Stripe). Passwords are hashed using the SHA-256 algorithm.

Data Leak Prevention: We utilize AWS Macie, a machine learning solution, to identify patterns that might indicate data leaks.
Endpoint & Network Security
We deploy a multi-layered defense strategy powered by SentinelOne and AWS tools to protect our infrastructure.

Endpoint Detection and Response (EDR): All workstations and servers are protected by SentinelOne, providing real-time autonomous protection against malware and exploits.

Cloud Workload Protection (CWPP): We secure our AWS containerized workloads to ensure applications are protected from development through runtime.

Network Firewall (WAF): Treedis utilizes AWS WAF with complex rules including user agent detection, IP blacklisting, and regional blacklisting.

DDoS Mitigation: We implement strict rate limiting to protect against Distributed Denial of Service (DDoS) attacks and volumetric abuse.

Bot Protection: We utilize Google’s reCAPTCHA v3 to distinguish between human users and automated bots without adding friction to the user experience.
Identity & Access Management (IAM)
We support advanced authentication protocols to ensure only authorized users access your data.

Single Sign-On (SSO): Treedis supports any SAML 2.0 SSO provider, allowing enterprise clients to log in using their preferred solution (e.g., Microsoft Entra).

MFA & Access Control: Internal AWS IAM accounts are protected with Multi-Factor Authentication (MFA).

VPN & Private Access: Treedis fully supports AWS Site-to-Site VPN, allowing enterprise clients to communicate with our servers directly and securely.

Private Keys: Server access via SSH requires a private key (PEM file), accessible only to the CTO, COO, and DevOps Tech Lead.
Spatial Data & Private Model Embed (PME)
Treedis offers specialized security for spatial digital twins, working in tandem with Matterport.

Web Spatial Data: "Digital twin" data for the web is hosted and managed by Matterport.

Augmented Reality (AR) Data: Spatial data for AR (Matterpak or E57) is hosted on both Matterport and Treedis servers to enable image recognition capabilities.

Private Model Embed (PME): Treedis offers a PME solution that allows users to set Matterport spaces to "private" (inaccessible publicly) while viewing them through a secure Treedis token. These tokens are short-lived (seconds or minutes) for maximum security.

OAuth Integration: Treedis connects to Matterport via a secure, time-limited OAuth connection and does not store credentials beyond the refresh token.
Application Security & Development
Secure Development: We utilize Snyk to automatically detect security anomalies in our code.

QA Process: We employ a rigorous QA process involving five different environments before code reaches production.

Penetration Testing: Treedis welcomes clients to perform penetration tests on our servers and provides full transparency regarding relevant endpoints.
Sub-processors
Treedis partners with industry-leading vendors to deliver our services.

Primary Cloud Provider: Amazon Web Services (AWS).

Spatial Data Partner: Matterport.

Payment Processing: Stripe.

Security Partners: SentinelOne (EDR/XDR), Google (reCAPTCHA).
Treedis AI Standards
We are committed to transparency regarding our use of Artificial Intelligence. Our "Treedis AI" (TAI) system is designed with a privacy-first architecture, ensuring that your enterprise data remains secure, private, and under your absolute control.
AI Architecture & Data Privacy
We utilize a Retrieval-Augmented Generation (RAG) architecture to ensure your data is never used to train global models.

No Model Training: We do not train or fine-tune foundation models (such as Anthropic Claude or Amazon Nova) on your data.

Contextual Reference Only: Your data is used strictly as a reference library to answer specific queries. Context is purged and not retained by the model for future learning.

Data Ownership: You retain full ownership of all uploaded data and intellectual property. Treedis AI acts solely as a synthesis and retrieval layer.
Infrastructure & AI Security
Treedis AI is built within the secure Amazon Web Services (AWS) ecosystem, utilizing enterprise-grade protection.

Isolated Environments: AI workloads and data are stored in isolated environments using Amazon S3 for documentation and Amazon Aurora PostgreSQL for vectorized search databases.

Encryption: All data is encrypted in transit via TLS 1.2+ and at rest using AES-256 encryption.

Network Isolation: We enforce strict AWS IAM policies and private subnets, ensuring AI data processing is never exposed to the public internet.
Accuracy & Model Integrity
We prioritize "Explainable AI" by combining semantic understanding with verifiable data retrieval.

Hybrid Search Technology: Our system merges Semantic Search (intent-based) with Keyword Search (exact-match) to eliminate "hallucinations" and ensure factual precision.

Source Citations: Every response generated by TAI includes direct citations to the source documents, allowing for instant verification.

Foundation Models: We leverage best-in-class models via Amazon Bedrock, including Anthropic Claude 3.5 Sonnet and Amazon Nova Pro for reasoning, and Amazon Titan for secure data indexing.
Safety & Compliance Guardrails
Our AI implementation includes proactive layers of protection to maintain a safe production environment.

Content Filtering: We utilize Amazon Bedrock Guardrails to automatically filter harmful content and detect Personally Identifiable Information (PII) before it reaches the user.

Algorithmic Transparency: For technical workflows, such as our SQL Agent, we provide full visibility into the generated code, ensuring the logic used to retrieve your data is interpretable and auditable.

Bias Mitigation: The foundation models integrated into Treedis have undergone extensive safety training to prevent the generation of biased or hateful content.