ASKLYZE

Comprehensive Data Protection

Data Security

ASKLYZE employs a multi-layered approach to data security, ensuring your Oracle data remains protected at every stage of the query lifecycle. From infrastructure to AI security, we implement industry best practices to safeguard your most valuable assets.

Last Updated: January 2026

1. Zero Data Movement Architecture

Our foundational security principle: your data never leaves your Oracle environment. Our AI engine acts as a logic layer that translates natural language to SQL, but all query execution happens locally. This architectural approach ensures raw production data is never transmitted over the network or stored externally.

  • Local Data Processing: All SQL queries execute within your Oracle database
  • No External Storage: No raw data stored on ASKLYZE servers
  • Metadata-Only Transfer: Only schema information sent for query optimization
  • Complete Isolation: Each client operates in a fully isolated environment

2. Encryption and Transport Security

All communication between ASKLYZE components is encrypted using industry-standard protocols. We use TLS 1.3 for all data transfers, ensuring that even metadata is protected in transit.

  • TLS 1.3: Latest encryption standards for all HTTPS connections
  • Certificate Pinning: Protection against man-in-the-middle (MITM) attacks
  • End-to-End Encryption: From user browser to Oracle database
  • Secure Key Rotation: Automated encryption key updates

3. Access Control and Authentication

ASKLYZE uses multi-layered Role-Based Access Control (RBAC) and integrates seamlessly with your existing Oracle security framework, including Virtual Private Database (VPD) and Row-Level Security.

  • Multi-Factor Authentication (MFA): Support for TOTP, SMS, and email-based OTP
  • SSO Integration: SAML 2.0 and OpenID Connect for enterprise environments
  • Oracle VPD: Respects existing row-level security policies
  • Role-Based Access Control: Granular permissions per user and team

4. Audit and Monitoring

ASKLYZE logs and audits every interaction comprehensively. All query logs are stored in ASKLYZE_AI_QUERY_STORE within your own database for compliance and forensic purposes.

  • Full Query Logging: Who asked what, when, and from where
  • SQL Generation Tracking: Complete audit trail of AI translations
  • Security Alerts: Real-time notifications for unusual access patterns
  • Configurable Retention: Log retention policies per your compliance requirements

5. Infrastructure Security

For cloud-hosted deployments, we use SOC 2 and ISO 27001 certified platforms with regular patching, network isolation, and intrusion detection. For On-Premise deployments, ASKLYZE inherits your infrastructure security posture.

  • Certified Hosting: SOC 2 Type II and ISO 27001 data centers
  • Network Isolation: Private subnets and firewalls per client
  • Intrusion Detection: Real-time monitoring for threats
  • Automated Security Updates: Immediate patching of critical vulnerabilities

6. AI and LLM Security

Our AI queries are sent to trusted LLM providers (OpenAI, Anthropic) with strict safeguards. They receive only abstracted natural language questions and schema information - never raw data.

  • Query Abstraction: Strips all sensitive data before sending to LLMs
  • No Training: Your data is not used to train AI models
  • Endpoint Security: Encrypted HTTPS connections to Azure OpenAI or Anthropic Claude
  • SQL Auditing: Automatic validation of generated queries for security

7. Compliance and Certifications

ASKLYZE is designed for GDPR, CCPA, HIPAA, SOC 2 Type II, ISO 27001, and ISO 9001 compliance. We provide compliance documentation and conduct regular audits to ensure ongoing conformance.

  • GDPR: Data protection for EU residents and data subject rights
  • CCPA: Consumer privacy for California residents
  • HIPAA: Compliance guidance for healthcare data (On-Premise deployment)
  • SOC 2 Type II: Annually audited security controls
  • ISO 27001 & 9001: Information security management and quality standards
  • Regional Data Privacy: Compliance with local data protection laws in UAE, Saudi Arabia, and Europe

8. Data Backup and Disaster Recovery

For cloud deployments, we maintain secure encrypted backups with geo-redundancy. For On-Premise deployments, ASKLYZE integrates with your existing Oracle RMAN backup and disaster recovery strategies.

  • Automated Backups: Daily full backups and hourly incremental backups
  • Encrypted Backups: AES-256 encryption for data at rest
  • Geo-Redundancy: Backups stored across multiple regions
  • Point-in-Time Recovery: Restore to any point in time within 30 days
  • Disaster Recovery Planning: Documented RTO/RPO procedures

9. Vulnerability Management

We maintain an active vulnerability management program with regular scanning, penetration testing, and responsible disclosure. All our libraries and dependencies are automatically scanned for known vulnerabilities.

  • Regular Security Scans: Quarterly penetration testing by third-party firms
  • Automated Vulnerability Scanning: Continuous monitoring of code dependencies
  • Responsible Disclosure: Vulnerability disclosure policy and bug bounty program
  • Rapid Patching: 24-hour SLA for critical vulnerabilities, 7 days for medium

10. Incident Response

We have a formal Security Incident Response Team (SIRT) and documented procedures for handling potential security breaches. Customers are notified within 24 hours of any incident affecting their data.

  • Dedicated SIRT: Security specialists on-call 24/7
  • Incident Response Plan: Documented procedures for containment, mitigation, and recovery
  • Customer Notification: Immediate notification of relevant security incidents
  • Post-Incident Analysis: Comprehensive reviews and corrective actions

11. Security Training and Awareness

All ASKLYZE employees undergo regular security training and comprehensive background checks. We foster a security-first culture throughout the organization through continuous training and awareness programs.

  • Mandatory Security Training: Annual training for all employees
  • Phishing Exercises: Regular simulated attacks to keep employees vigilant
  • Background Checks: Comprehensive screening for all employees with system access
  • Secure Developer Training: OWASP practices and secure SDLC

12. On-Premise Deployment Security

For On-Premise deployments, ASKLYZE operates entirely within your network, with no external connections required for core AI functionality. All LLM connections can be configured to work via secure internal endpoints or Azure private endpoints.

  • Air-Gapped Deployment: Complete operation without internet access (using local LLM models)
  • Private Endpoint Integration: Azure OpenAI or Anthropic via private links
  • Fully Resident: All components within your infrastructure
  • Network Compliance: Respects your firewall and proxy policies

Security Operations Center

For any security concerns or questions, contact our security team at:

security@apexexperts.net

Office No. 43-44 - Al Fahidi, Dubai Bur Dubai, UAE