Security & Compliance

Simcode is committed to building enterprise-grade security, privacy, and governance suitable for institutional users.

Last updated: 2026-03-02

Data Handling & Privacy

Data minimization: We collect and retain only the data necessary to provide the service.
Customer confidentiality: Customer data is treated as confidential and is not sold to third parties.
Data usage for model training: By default, customer-provided data is not used to train shared models unless explicitly agreed in writing.

Encryption

In transit: TLS is used to protect data transmitted between clients and our services.
At rest: Encryption is used for stored data where applicable (e.g., databases, object storage).

Access Controls

Least privilege: Access is restricted to authorized personnel on a need-to-know basis.
Authentication: Support for modern authentication methods (e.g., SSO/SAML) can be provided for enterprise customers.
MFA: Multi-factor authentication is used for administrative access where applicable.

Security Monitoring & Logging

Audit logs: Administrative activities and access events are logged for review.
Monitoring: We monitor service availability and security-relevant events to detect anomalies.
Incident response: We maintain incident response procedures to triage and remediate security events.

Application Security

Secure development: We follow secure engineering practices including code review and dependency management.
Vulnerability management: We track and remediate security issues and critical vulnerabilities.
Separation of environments: Development and production environments are separated where feasible.

Compliance & Governance

Security roadmap: Simcode is building its security program in alignment with widely recognized enterprise security frameworks.
Future certification: Formal third-party certifications such as SOC 2 are planned as the company scales.
Documentation: Security documentation and architecture details can be shared under NDA upon request.

AI & Model Governance

Explainability: Outputs are designed to be interpretable, with traceable factor contributions and scenario assumptions.
Model updates: Model parameters may be re-estimated on a rolling basis to adapt to regime changes.
Human oversight: We provide documentation and guidance to support appropriate model use and interpretation.

Contact

If you have security questions or require a security review package, please contact us:

Email: help@simcode.ai (or your preferred security contact)