Home/Trust Center/Security
TRUST CENTER

Security Overview

How 366 protects your data, infrastructure, and AI workloads across deployment models.

Security by Design

366 is designed following a “security by design” approach, integrating:

  • logical environment segmentation,
  • role-based access control (RBAC),
  • logging of technical events and access activity,
  • continuous usage and performance monitoring.

The platform is available in two deployment models:

SaaS

Hosted and operated by 366

On-Premise

Deployed within the customer's infrastructure or via a dedicated appliance

Security responsibilities differ depending on the selected deployment model.

Hosting & Infrastructure

SaaS Deployment

366 SaaS is hosted in Europe on cloud infrastructure operated by Scaleway (France / EU).

The architecture includes:

  • logical isolation between customer environments,
  • containerized orchestration,
  • technical supervision and monitoring,
  • encrypted communications (HTTPS / TLS).

The SaaS platform is designed to ensure a 99.8% availability target, excluding scheduled maintenance windows.

On-Premise Deployment

In On-Premise deployments:

  • the software is installed within infrastructure controlled by the customer,
  • infrastructure-level security (network, storage, hypervisor, physical security) remains under the customer's responsibility,
  • 366 provides configuration and hardening recommendations.

Availability commitments apply exclusively to SaaS environments.

Backup & Restoration (SaaS)

In SaaS environments:

  • weekly backups are performed,
  • the last four weeks are retained on a rolling basis,
  • full restoration may be performed in the event of a technical incident attributable to 366.

Customers remain responsible for retaining original source files outside the platform.

In On-Premise environments, backup strategy remains under customer responsibility.

Monitoring & Abuse Prevention

The platform includes:

  • monitoring of usage metrics (Agents, Tokens, Modules, API calls),
  • security supervision mechanisms,
  • abuse detection processes.

In SaaS environments, Prompts and generated Outputs may be temporarily retained (up to 30 days) for security and abuse prevention purposes.

Alternative retention settings may be considered upon request, subject to legal and security constraints.

AI Model Governance

366 may leverage:

  • open-source models deployed on controlled infrastructure,
  • European inference service providers,
  • third-party API providers (OpenAI, Anthropic, Google, Mistral AI, Meta, etc.).

The hosting infrastructure is located within the European Union.

Certain AI model providers may operate outside the EU. Where applicable, appropriate contractual safeguards are implemented in accordance with GDPR requirements.

Third-party providers act solely for the execution of inference requests initiated by customers.

Continuous Updates & Anti-Obsolescence

366 follows a continuous update policy designed to:

  • address identified vulnerabilities,
  • maintain component compatibility,
  • integrate relevant regulatory developments,
  • improve stability and performance.

Proactive vulnerability monitoring and structured update cycles are integrated into the product lifecycle.

Technical Documentation

Detailed technical documentation is available upon request under NDA. The following documents can be provided to qualified organizations:

Business Continuity Plan (BCP)

Disaster recovery procedures and continuity strategy

Safeguard Plan

Data protection measures and incident response framework

SLA Matrix

Detailed service level targets by deployment model

Security Procedures

Access control, encryption, vulnerability management, and audit processes

Infrastructure Architecture

Network topology, segmentation, and deployment specifications

Request access under NDA

Available to customers, prospects in evaluation, and auditors. We typically respond within 48 hours.

Also in the Trust Center

Reliability & Continuity

Uptime, SLAs, and disaster recovery

Data Protection & Compliance

GDPR, data residency, and certifications