Infrastructure Security

Cloud Infrastructure

Sociable AI leverages industry-leading cloud providers with robust security certifications to host our infrastructure:

Google Cloud Platform (GCP)

  • Network Security: VPC isolation, firewall rules, and private networking
  • Identity Management: IAM with least privilege access controls
  • Monitoring: Cloud Monitoring and Cloud Logging for security events
  • Data Storage: Encrypted BigQuery instances for analytics data

Amazon Web Services (AWS)

  • Network Segmentation: VPC isolation for service boundaries
  • Access Control: IAM roles with minimum required permissions
  • Secret Management: AWS Secrets Manager for credential storage

Vercel

  • Edge Network: Global CDN with DDoS protection
  • TLS Enforcement: Mandatory HTTPS for all traffic
  • Deploy Previews: Isolated preview environments for testing

Deployment Security

CI/CD Pipeline

  • Code Scanning: Automated security scanning during build process
  • Dependency Validation: Vulnerability checking of third-party dependencies
  • Infrastructure as Code: Consistent, auditable infrastructure definitions
  • Secrets Management: Secrets never exposed in source code or logs

Environment Isolation

  • Development/Production Separation: Complete separation of environments
  • Staging Environment: Pre-production testing in isolated infrastructure
  • Access Controls: Different access permissions per environment

Microservices Architecture Security

Our service-oriented architecture implements multiple security layers:

  • Service Boundaries: Clear isolation between different service domains
  • API Gateway: Centralized authentication and authorization
  • Internal Communication: Service-to-service authentication
  • Rate Limiting: Protection against abuse and DoS attacks

Data Processing Infrastructure

Pub/Sub Messaging

  • Authentication: Service account authentication for publishers/subscribers
  • Encryption: Automatic encryption of messages in transit and at rest
  • Access Controls: Topic-level access control policies

Compute Resources

  • Container Isolation: Services run in isolated container environments
  • Auto-Scaling: Resource optimization and resilience to load spikes
  • Vulnerability Management: Regular OS and runtime patching

Network Security

  • TLS Everywhere: All internal and external communication uses TLS 1.2+
  • API Security: Authentication required for all API endpoints
  • IP Restrictions: Access controls based on IP address where appropriate
  • Web Application Firewall: Protection against common web vulnerabilities

Monitoring and Incident Detection

  • Log Aggregation: Centralized logging for security analysis
  • Alerting: Comprehensive alerting system leveraging Google Cloud Security Command Center, AWS CloudWatch, Vercel Analytics, Sentry, Clerk Security Alerts, Supabase Security Monitoring, Stripe Radar, and GitHub Security Alerts
  • Metrics: Performance and security metrics collection
  • Intrusion Detection: Monitoring for unusual access patterns

Disaster Recovery

  • Backup Strategy: Regular automated backups of critical data
  • Recovery Testing: Periodic testing of restore procedures
  • High Availability: Redundant systems for critical components
  • Business Continuity: Documented procedures for major incidents

Physical Security

Our cloud providers maintain physical security controls including:

  • Data Center Security: 24/7 security staff, biometric access controls
  • Environmental Controls: Fire suppression, climate control, redundant power
  • Compliance: SOC 2, ISO 27001, and other physical security certifications