Security Documentation

Security & Reliability Policy

Version 1.0 — Last updated: December 22, 2025

1. Executive Summary

Mediar provides enterprise-grade automation infrastructure. This document outlines our security controls, compliance posture, and operational commitments.

Leadership

  • Louis Beaumont — CEO
  • Matthew Diakonov — CTO

2. Service Level Agreement

Metric | Target
Platform Uptime | 99%
Incident Response (Business Hours) | 4 hours
Incident Response (Off-Hours) | 24 hours
UI Change Adaptation | 1-3 business days

Business hours: 7:00 AM – 10:00 PM PST, Monday – Friday. Specific SLAs may be tailored based on workflow criticality and contract terms.

3. Security Architecture

3.1 Authentication & Authorization

  • OAuth 2.0 / SAML single sign-on for web application access
  • Cryptographically secure token-based authentication for desktop clients
  • Role-based access control (RBAC) enforced at organization level
  • Complete audit trail on all authentication events

3.2 Encryption

  • AES-256-GCM encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Azure enterprise-grade disk encryption for virtual machines
  • Per-organization encryption keys for secrets management

3.3 Network Isolation

  • Isolated Azure Virtual Networks (VNets) per customer
  • Dedicated virtual machines available for enterprise deployments
  • Customer VNet peering supported for hybrid configurations
  • Organization-scoped database queries prevent cross-tenant access

3.4 Desktop Client Security

  • Tauri framework with capability-based sandboxed security model
  • Local-first execution: automation runs on-device without cloud dependency
  • Privacy-first defaults: monitoring disabled until explicitly enabled
  • User-controlled data collection with granular settings

4. Data Processing & Storage

Mediar supports flexible deployment models to meet varying data residency and security requirements:

Deployment Model | Description | Data Location
Cloud-Hosted | Fully managed infrastructure on Azure | Azure US West, Supabase AWS us-west-1
Hybrid | Cloud orchestration, local execution | Orchestration in cloud, sensitive data on-premises
On-Premise | Customer-controlled environment | Customer Azure/AWS/GCP tenancy

The Terminator execution engine runs on Windows VMs under customer control. For on-premise deployments, data never leaves the customer network.

5. Observability & Incident Response

Our monitoring infrastructure uses the same battle-tested patterns built at OVHcloud for worldwide datacenter monitoring.

5.1 Monitoring Stack

Component | Purpose
OpenTelemetry | Distributed tracing and structured logging
ClickHouse Cloud | High-performance analytics and log aggregation
Sentry | Real-time error tracking with stack traces
Health Endpoints | Component-level availability monitoring

5.2 Incident Response Procedure

  1. Automated alerting triggers on anomaly detection
  2. On-call engineer acknowledges within SLA window
  3. Root cause analysis with full trace correlation
  4. Customer notification for service-impacting incidents
  5. Post-incident review and remediation

6. Compliance Roadmap

Control Area | Status
Access Control | Implemented
Encryption (at rest & in transit) | Implemented
Audit Logging | Implemented
Change Management | Implemented
SOC 2 Audit Observation Period | In Progress — Concluding Q1 2026
SOC 2 Type I Certification | Expected Q1 2026
SOC 2 Type II Certification | Expected Q1 2026
HIPAA / GDPR | Planned Q1 2026

7. Scaling & Availability

Infrastructure-as-Code enables elastic scaling from a handful to hundreds of execution nodes within minutes.

7.1 Infrastructure Components

  • Terraform for reproducible, version-controlled deployments
  • Packer for immutable, versioned VM images
  • GitHub Actions CI/CD for automated deployment pipelines
  • Git-tagged releases with instant rollback capability

7.2 Peak Demand Handling

  • Pre-warming capacity available for known peak seasons
  • Job queue persistence ensures no work loss during scaling events
  • Horizontal VM scaling triggered by demand metrics
  • Multi-region deployment available for enterprise customers

8. Support Model

8.1 Implementation Phase

  • Dedicated Slack or Microsoft Teams channel
  • Daily synchronization calls until workflow is stable
  • Direct founder access via email and phone
  • Typical implementation timeline: 2-4 weeks

8.2 Production Phase

  • Weekly status reports and performance dashboards
  • Proactive monitoring with automatic issue detection
  • UI change detection with 1-3 business day adaptation
  • Usage-based pricing aligns incentives for high success rates

8.3 Contact

For security inquiries, compliance documentation, or to discuss specific requirements:

Mediar, Inc.

945 Market St, Ste 501, Floor 5

San Francisco, CA 94103, United States