Security and Privacy with Digital Mirror​

An Uncompromising Approach to Security 

Customer-Controlled Data Encryption 

Each customer retains complete control over their data using their own private encryption keys. This ensures that even if the encryption key is lost or deleted, no one—including Digital Mirror—can access the data. Such a model guarantees absolute ownership and privacy for users. 

To further enhance data security, all customer data is stored in separate instances, ensuring a clear demarcation between different accounts. This isolation reduces the risk of cross-account data leaks and bolsters the integrity of stored information. We achieve this using standard Google Cloud infrastructure. 

Secure Cloud Infrastructure 

Google Cloud infrastructure is a globally distributed, highly secure, and scalable platform designed to support enterprise workloads with high performance and reliability. It consists of a network of data centers across multiple regions and a private fiber-optic network offering built-in redundancy, automated failover, and seamless scalability. It provides a foundation to run applications, store data, and deploy AI and analytics solutions efficiently. 

Google Cloud follows top security and compliance standards, including ISO/IEC 27001, SOC 2, PCI DSS, HIPAA, and FedRAMP High, ensuring robust data protection, privacy, and regulatory compliance 

Compliance and Audits 

Digital Mirror is committed to meeting the highest industry standards when it comes to compliance. The company is currently undergoing the SOC 2 Type 1 audit, which involves a rigorous assessment of security policies and procedures. Following this, Digital Mirror will proceed with SOC 2 Type 2 certification, which requires continuous monitoring over an extended period to validate security effectiveness. 

To streamline and automate compliance audits, we use the Vanter platform. This system grants auditors direct access to security controls and procedures, improving transparency and efficiency in the compliance process. 

A Unique Approach to Large Language Models 

As AI-powered solutions become increasingly embedded into platforms, applications, and workflows, ensuring the security of large language models (LLMs) has become a top priority. We have implemented a comprehensive set of safeguards to enable the secure and responsible deployment of AI, mitigating potential risks while maximizing the benefits it offers.   

Whenever external LLMs are used (we use both local and external LLMs), Digital Mirror ensures that customer data is never exposed. Sensitive information such as names, numbers, and locations are replaced with placeholders before being sent to the AI model. This ensures that even if data is processed externally, the integrity and privacy of customer information remain intact.  

Furthermore, Digital Mirror fragments documents into separate sections, sending each to different LLMs and reassembling the responses securely. This unique process prevents any external entity from having access to a complete document, further reinforcing security.

Privacy-Centric Authentication 

Unlike many platforms that embed company details into login URLs or require account-specific credentials, Digital Mirror enables users to log in seamlessly through Google, Microsoft, or Apple accounts. This means that no login credentials are stored on Digital Mirror’s servers, eliminating potential risks associated with credential leaks. 

Moreover, Digital Mirror does not share or sell customer data. The only insights gathered are related to customer queries, which are categorized anonymously to improve the system’s responsiveness. However, no specific customer information is ever exposed, ensuring full confidentiality. 

Conclusion 

In conclusion, our commitment to security and privacy is foundational to both the Digital Mirror platform and customer operations. By prioritizing customer-controlled encryption, robust compliance measures, and a unique approach to deploying LLMs in a secure fashion, Digital Mirror ensures that user data remains protected and private.