Solenkn

Security

Security is part of the deliverable

Our clients handle financial records and patient data. The way we protect information is not a separate program bolted onto the work — it is how the work gets done.

Data protection

Client data is encrypted in transit and at rest. We minimize what we collect, segregate client environments from one another, and delete data when engagements end unless the services agreement requires retention. Where possible, we work with de-identified or synthetic data during development and only touch production data under explicit, documented authorization.

Access control

Access follows least privilege: people get the minimum access their role requires, for the minimum time it is required. All access to client data requires multi-factor authentication, is logged, and is reviewed on a recurring schedule. Offboarding revokes access on the same day, every time.

Secure development

Every change to code we ship goes through peer review and automated checks before merge. Dependencies are scanned for known vulnerabilities, secrets never live in source code, and model artifacts are versioned and integrity-checked so what was validated is provably what gets deployed. We treat model pipelines with the same rigor as application code.

Incident response

We maintain a written incident response plan with defined severity levels, escalation paths, and client notification commitments. Suspected incidents are triaged immediately, contained, investigated, and documented — and clients affected by a confirmed incident are informed without undue delay, with a clear account of impact and remediation.

Model security, specifically

Machine learning systems carry risks that ordinary software does not: training data can be poisoned, models can leak information about the data they were trained on, and deployed endpoints can be probed by adversarial inputs. Our governance frameworks address these directly — with input validation at inference time, monitoring for anomalous query patterns, controls on who can retrain or replace a model, and documentation of every model's lineage so that unexpected behavior can be traced to its source.

To report a security concern, contact security@solenkn.com. We acknowledge reports within one business day.

Questions about how we would handle your data?

Security reviews are a normal part of our sales process. Ask us anything.