Trust

Security & Data Handling

Last updated: June 8, 2026

A plain-language summary for security reviewers evaluating enclavai.io and the EnclavAI product. This is not a System Security Plan (SSP) and does not replace your own assessment.

Two surfaces

Surface Where data lives CUI?
Public website & free tools Your browser; Vercel CDN; optional Supabase/PostHog for forms & analytics Do not submit CUI here
Self-hosted EnclavAI Inside your VPC, GovCloud/Azure Gov sub, or air-gapped enclave Designed to operate under your CUI program

STIG Readiness Scorer (free tool)

Pilot request form

Self-hosted product (summary)

When you deploy EnclavAI in your boundary, the product is designed around:

Technical deployment detail lives in the product repository documentation (Docker Compose, GovCloud and air-gap runbooks, Terraform). Your SSP and ATO package should describe the instance you operate.

Hosting & headers (public site)

enclavai.io is served via Vercel with security headers including:

Incident & vulnerability reports

Report suspected security issues to support@gnukumcloudsolutions.com. Please include steps to reproduce and avoid submitting CUI in the report.

Related documents

Privacy Policy · Terms of Service