Operativt utkast — gjennomgang av eier/jurist kreves. Denne teksten er et arbeidsutkast utarbeidet for gjennomgang og er ennå ikke gjennomgått juridisk rådgivning. Ved avvik har den engelske versjonen forrang (English version prevails).
1. Access and credentials
- Least-privilege access: only the systems and scopes a workflow needs.
- Credentials are stored in secret managers / environment configuration — never in code repositories.
- Access is revoked at the end of an engagement.
2. Client data handling
- Client business data stays within the agreed toolchain; no copies on personal devices beyond what the work requires.
- Demo/test files are ephemeral: processed, then deleted — not retained.
- Client content is excluded from logs and from any model training.
3. AI-specific safeguards
- Model calls run server-side in deployed workflows; keys are never embedded in frontends.
- Rate limiting and input validation on any exposed endpoint.
- Human approval gates on sensitive actions are part of the architecture, not optional settings.
4. This website
The website itself is static, with no backend, no database and no stored form data, which removes most web attack surface by construction.
5. Incident response
Suspected incidents are triaged immediately; affected clients are informed without undue delay with facts, impact and remediation steps. Report suspected issues to info@nonstopgroup.lt.
Alle juridiske dokumenter