ManaraAI logoManaraAI

Security & Trust

Security at ManaraAI

How we approach protecting the data our customers trust us with.

Data protection

We protect customer data using security-first engineering practices throughout the platform. • Encryption in transit using TLS 1.2+ • Encryption at rest for databases and object storage • Secure database architecture with strict network isolation • Secrets managed securely and never stored in source code • Regular backups with recovery procedures • Secure software development lifecycle (SSDLC) • Continuous vulnerability monitoring and security updates Customer data always remains isolated between organizations through strict tenant separation.

Access control

ManaraAI provides enterprise-grade Role-Based Access Control (RBAC) to ensure users only access the information and capabilities they are authorized to use. Features include: • Granular role and permission management • Organization and department-level access • Principle of least privilege • Secure authentication • Audit logs for user activities • Session management and access controls Administrators maintain full visibility over user permissions and platform activity.

Audit trails

Every meaningful action across the platform is logged for accountability and traceability. • Immutable activity logs for user and system actions • Full history of changes to controls, evidence, and risk records • Timestamped audit logs available to administrators • Exportable audit trails to support internal and external audits Audit trails give your compliance and audit teams a defensible record of who did what, and when.

Secure evidence handling

Evidence collected for compliance, audit, and risk workflows is handled with the same rigor as production data. • Encrypted storage for uploaded evidence and documents • Access to evidence restricted by role and need-to-know • Version history preserved for every evidence artifact • Chain-of-custody metadata retained for audit readiness Evidence integrity is protected from collection through to audit sign-off.

Infrastructure & hosting

Deploy ManaraAI the way your organization requires. Managed Cloud • Fully managed by the ManaraAI team • Automatic updates and security patches • Continuous monitoring • High availability architecture • Managed backups and disaster recovery Self-Hosted For organizations with strict regulatory or data residency requirements. • Deploy within your own infrastructure • Support for private cloud or on-premises environments • Full ownership of infrastructure and data • Compatible with enterprise security policies and network controls

Compliance readiness

ManaraAI is built for PDPL, ISO 27001, and SOC 2 compliance workflows, and supports ISO 27001 and SOC 2 readiness for organizations working toward certification. The platform helps organizations implement and maintain frameworks including: • ISO 27001 • SOC 2 • PDPL • NIST Cybersecurity Framework • CIS Controls • Custom regulatory frameworks We continuously improve our security posture and compliance capabilities as the platform evolves.

Responsible AI governance

AI is used to accelerate compliance, risk, and audit work, always with human oversight. • Human-in-the-loop review for AI-generated findings and recommendations • Clear separation between customer data and any model improvement processes • Transparent AI-assisted outputs, never presented as final decisions without review • Ongoing evaluation of AI outputs for accuracy and bias ManaraAI is built for PDPL, ISO 27001, and SOC 2 compliance workflows, with AI governance practices designed to support responsible adoption.

Reporting a security concern

We take security seriously. If you believe you've discovered a vulnerability or security issue, please contact us at contact@mymanara.co with as much detail as possible. Our security team will acknowledge your report, investigate it promptly, and keep you informed throughout the remediation process.