
Security

Last updated: 11 February 2026

At Saiko Intelligence, we take the security of your data seriously. This page provides an overview of the technical and organisational measures we have implemented to protect your information.

Two-Factor Authentication
TOTP-based 2FA with Google Authenticator or Authy. Mandatory for all administrative accounts. Recovery codes provided for account recovery.

Encrypted API Keys
All API keys and sensitive secrets encrypted at rest using Fernet symmetric encryption. Keys are decrypted only at the moment of use.

Tenant Data Isolation
Each client operates in a logically isolated tenant environment. All database queries are scoped to the authenticated tenant. Cross-tenant access is prevented at every layer.

Daily Encrypted Backups
Automated daily database backups at 03:00 UTC with 7-day daily and 4-week weekly retention. Off-site encrypted storage on Backblaze B2.

Rate Limiting
Token bucket rate limiting per tenant per endpoint. Prevents brute-force attacks, API abuse, and resource exhaustion.

Login Audit Trail
Every login attempt is logged with timestamp, IP address, and user agent. Automatic account lockout after 5 failed attempts within 15 minutes.

HTTPS Everywhere
All connections encrypted with TLS/SSL. Auto-renewing certificates. No unencrypted HTTP access permitted.

Role-Based Access
Granular permission system: Viewer, Manager, Admin, Owner. Each role has carefully scoped access to features and data.

Authentication and Access

  • Strong passwords — Minimum 12 characters with uppercase, lowercase, digit, and special character requirements.
  • Two-factor authentication — TOTP-based 2FA available for all users, mandatory for administrators. Includes recovery codes for account recovery.
  • Session management — 30-minute inactivity timeout automatically logs users out. JWT-based tokens with short expiry and secure refresh mechanism.
  • Account lockout — After 5 failed login attempts within 15 minutes, the account is temporarily locked to prevent brute-force attacks.
  • Invite-only access — New tenant members must be invited by an administrator. Invitations expire after 7 days.

Data Protection

  • Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
  • Encryption at rest — API keys, 2FA secrets, and other sensitive data encrypted with Fernet symmetric encryption. Passwords hashed with bcrypt.
  • Tenant isolation — Multi-tenant architecture with strict data separation. Every database query is scoped to the authenticated tenant. Verified through comprehensive security audit.
  • Backup encryption — Database backups are encrypted before transfer to off-site storage.

Infrastructure

  • Hosting — Dedicated VPS infrastructure with SSH key-based access only.
  • Firewall — Strict firewall rules limiting access to necessary ports only.
  • Uptime monitoring — External monitoring service checks platform health continuously with automated alerts on downtime.
  • Error alerting — Automated email notifications for system errors, enabling rapid response to issues.
  • Automated backups — Daily automated database backups with integrity verification, 7-day daily and 4-week weekly rotation, off-site storage.

Monitoring and Incident Response

  • Login audit log — All authentication events recorded with IP address and user agent for forensic analysis.
  • Rate limiting — Per-tenant, per-endpoint rate limiting prevents abuse and protects against denial-of-service attacks.
  • Error monitoring — Unhandled server errors trigger immediate email alerts to the technical team.
  • Breach notification — In the event of a data breach, we will notify affected clients within 48 hours and the ICO within 72 hours as required by UK GDPR.

AI Security

  • Tenant-scoped AI — AI conversations only access data belonging to your tenant. No cross-tenant data leakage.
  • Confidentiality controls — Internal email addresses and staff names are sanitised from AI context to prevent inadvertent disclosure.
  • Memory isolation — AI memories saved by users are strictly isolated per tenant and cannot be accessed by other clients.

Responsible Disclosure

If you discover a security vulnerability in our Platform, we ask that you report it responsibly:

  • Email us at hello@saikointelligence.com with details of the vulnerability.
  • Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
  • Do not access or modify data belonging to other users during your research.

We appreciate security researchers who help us keep the Platform safe and will acknowledge valid reports.

Contact

Saiko Music Group Ltd
Hamalworth House, 9 St. Clare Street
City Of London, England, EC3N 1LQ
Email: hello@saikointelligence.com

© 2026 Saiko Music Group Ltd. All rights reserved.
Registered in England and Wales. Registered office: Hamalworth House, 9 St. Clare Street, City Of London, England, EC3N 1LQ.