Security

Security at Areebi

As an AI governance platform trusted by enterprise security teams, we hold ourselves to the highest security standards. Security isn't a feature - it's our foundation.

Our Practices

How we secure the platform

Security is built into every layer of Areebi. From infrastructure to application, we follow industry best practices and exceed compliance requirements.

Encryption Everywhere

AES-256 encryption at rest and TLS 1.3 in transit. All data is encrypted by default with customer-managed keys available on Enterprise plans.

Zero-Trust Architecture

Every request is authenticated and authorized. No implicit trust, network-level isolation, and least-privilege access controls throughout the platform.

Penetration Testing

Regular third-party penetration testing and red team exercises. Findings are remediated on strict SLAs and results are available to customers under NDA.

Vulnerability Management

Continuous vulnerability scanning, automated dependency updates, and a structured patch management process with severity-based SLAs.

For a comprehensive overview of our security posture, certifications, and compliance status, visit our Trust Center.

Responsible Disclosure

Report a vulnerability

We value the security research community and welcome responsible disclosure of vulnerabilities. If you've found a security issue, we want to hear from you.

In Scope

areebi.com (marketing website)
app.areebi.com (application)
API endpoints (api.areebi.com)

Out of Scope

Social engineering attacks (phishing, vishing, pretexting)
Denial of service (DoS/DDoS) attacks
Physical security testing
Third-party services and applications
Automated scanning without prior coordination
Testing on accounts you do not own

How to Report

Send your report to security@areebi.com. Please encrypt sensitive details using our PGP key (available at /.well-known/security.txt).

What to include:

Detailed description of the vulnerability
Step-by-step reproduction instructions
Impact assessment and potential severity
Any proof-of-concept code or screenshots
Your contact information for follow-up

Response Timeline

Acknowledgment - Within 48 hours

We will confirm receipt of your report and assign a tracking ID.

Triage & Assessment - Within 5 business days

Our security team will assess the severity and impact of the reported vulnerability.

Remediation - Based on severity

Critical: 7 days. High: 14 days. Medium: 30 days. Low: 90 days. We will keep you updated on progress.

Safe Harbor Statement

Areebi will not pursue legal action against security researchers who report vulnerabilities in good faith and in accordance with this policy. We consider security research conducted under this policy to be authorized and will not initiate legal claims against you for circumventing technological measures we have employed to protect the applications in scope.

We ask that you make a good faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services during your research.

security.txt

Our /.well-known/security.txt file follows the RFC 9116 standard and contains our security contact information, PGP key, and disclosure policy reference.

For more details, visit our Trust Center, review our Privacy Policy, read our Terms of Service, explore our platform security features, or check our compliance certifications. Have questions? Get in touch.

Questions about our security?

Our security team is available to answer questions, provide documentation, or discuss our practices in detail.

Visit Trust Center Contact Security Team

security.txt

Our /.well-known/security.txt file follows the RFC 9116 standard and contains our security contact information, PGP key, and disclosure policy reference.