Skip to main content
NOFire AI is built to support reliability decisions without introducing operational or security risk. The platform is designed to observe, reason, and explain, never to act or modify production systems.

Security Certifications & Compliance

NOFire AI is GDPR compliant and actively preparing for SOC 2 Type II certification. We have engaged compliance infrastructure and are on track for certification completion.

Core Security Principles

NOFire AI operates with clear constraints:
  • Read-only access to customer systems
  • No production write permissions
  • Customer-scoped isolation at all times
  • No cross-customer data sharing
  • No use of customer data for model training
If NOFire AI cannot observe something safely, it does not observe it at all.

Data Access & Permissions

What data does NOFire AI access? NOFire AI accesses:
  • Observability data (logs, metrics, traces)
  • Change events (deployments, configuration updates, scaling events)
  • Dependency signals (service-to-service traffic)
This data is used to explain change impact, failure causes, and system behavior. All access is read-only and scoped by the customer. Does NOFire AI require write access? No. NOFire AI never requests:
  • Write access
  • Remediation permissions
  • Deployment controls
  • Infrastructure modification rights
Human operators remain fully accountable for all changes. How are permissions managed? All integrations use customer-provided credentials (API keys, OAuth, or service accounts). Credentials are scoped by the customer and can be revoked at any time without impact to customer systems.

Data Handling & Privacy

What data is stored? NOFire AI stores only what is required to preserve reasoning continuity and build reliability memory for your organization. Raw telemetry is queried live. Derived metadata may be retained in customer-isolated environments. Is sensitive data handled safely? Yes. NOFire AI supports pattern-based redaction for PII, cardholder data, secrets, and tokens. Redaction is configurable per connection. Learn more: Sensitive Data Redaction Is customer data shared or reused? No. Customer data:
  • Is never shared across organizations
  • Is never used to train AI/ML models
  • Is used only to improve decisions for that same organization
Data may be used for in-context learning to enhance your team’s experience. Customer data is strictly isolated and only used to benefit your organization, maintaining complete privacy and separation at all times.

Encryption & Infrastructure Security

Is data encrypted at rest? Yes. NOFire AI uses AWS Secrets Manager and AWS KMS with AES-256 encryption for all sensitive data at rest. Is data encrypted in transit? Yes. All traffic between customer environments, NOFire Edge, and NOFire AI SaaS uses TLS 1.2+. What security controls are in place?
  • AES-256 encryption for data at rest
  • TLS 1.2+ for all data in transit
  • AWS KMS for key management
  • AWS Secrets Manager for credential storage
  • Customer-scoped data isolation
  • Regular security audits

AI Usage Policy

NOFire AI uses AI to reason over production context, not to act autonomously. Key guarantees:
  • AI does not execute changes
  • AI does not make deployment decisions
  • AI does not operate without human review
  • Customer data is not used for training

Customer Responsibilities

To maintain a secure setup:
  • Scope credentials to read-only access
  • Enable redaction where sensitive data exists
  • Rotate credentials regularly
  • Review RBAC settings for appropriate user access