Security & Trust
How we approach protecting the data our customers trust us with.
We protect customer data using security-first engineering practices throughout the platform. • Encryption in transit using TLS 1.2+ • Encryption at rest for databases and object storage • Secure database architecture with strict network isolation • Secrets managed securely and never stored in source code • Regular backups with recovery procedures • Secure software development lifecycle (SSDLC) • Continuous vulnerability monitoring and security updates Customer data always remains isolated between organizations through strict tenant separation.
ManaraAI provides enterprise-grade Role-Based Access Control (RBAC) to ensure users only access the information and capabilities they are authorized to use. Features include: • Granular role and permission management • Organization and department-level access • Principle of least privilege • Secure authentication • Audit logs for user activities • Session management and access controls Administrators maintain full visibility over user permissions and platform activity.
Every meaningful action across the platform is logged for accountability and traceability. • Immutable activity logs for user and system actions • Full history of changes to controls, evidence, and risk records • Timestamped audit logs available to administrators • Exportable audit trails to support internal and external audits Audit trails give your compliance and audit teams a defensible record of who did what, and when.
Evidence collected for compliance, audit, and risk workflows is handled with the same rigor as production data. • Encrypted storage for uploaded evidence and documents • Access to evidence restricted by role and need-to-know • Version history preserved for every evidence artifact • Chain-of-custody metadata retained for audit readiness Evidence integrity is protected from collection through to audit sign-off.
Deploy ManaraAI the way your organization requires. Managed Cloud • Fully managed by the ManaraAI team • Automatic updates and security patches • Continuous monitoring • High availability architecture • Managed backups and disaster recovery Self-Hosted For organizations with strict regulatory or data residency requirements. • Deploy within your own infrastructure • Support for private cloud or on-premises environments • Full ownership of infrastructure and data • Compatible with enterprise security policies and network controls
ManaraAI is built for PDPL, ISO 27001, and SOC 2 compliance workflows, and supports ISO 27001 and SOC 2 readiness for organizations working toward certification. The platform helps organizations implement and maintain frameworks including: • ISO 27001 • SOC 2 • PDPL • NIST Cybersecurity Framework • CIS Controls • Custom regulatory frameworks We continuously improve our security posture and compliance capabilities as the platform evolves.
AI is used to accelerate compliance, risk, and audit work, always with human oversight. • Human-in-the-loop review for AI-generated findings and recommendations • Clear separation between customer data and any model improvement processes • Transparent AI-assisted outputs, never presented as final decisions without review • Ongoing evaluation of AI outputs for accuracy and bias ManaraAI is built for PDPL, ISO 27001, and SOC 2 compliance workflows, with AI governance practices designed to support responsible adoption.
We take security seriously. If you believe you've discovered a vulnerability or security issue, please contact us at contact@mymanara.co with as much detail as possible. Our security team will acknowledge your report, investigate it promptly, and keep you informed throughout the remediation process.