Liberators · Legal
Security
Last updated · April 2026
Our clients trust us with workflows that touch their internal systems. We take that seriously. This page outlines the practices we follow when we build, deploy, and operate AI systems.
Data handling
Client data we process during builds (documents, transcripts, system exports) is stored in encrypted, access-controlled repositories. Data is retained only as long as the engagement requires, then deleted on request or by default at project close.
We do not train public models on client data. Where we use third-party LLMs, we use API endpoints with no-train guarantees (e.g. OpenAI API, Anthropic API, Google Vertex enterprise tier).
Access control
Access to client systems and data is granted on a least-privilege basis. We use SSO with mandatory two-factor authentication on all internal accounts and on every third-party service we operate.
Infrastructure
Production workloads run on tier-1 cloud providers (Vercel, AWS, Google Cloud) with regional data residency where the engagement requires it. Secrets are managed in dedicated secret stores, never committed to source control.
Compliance posture
Our engagements align with GDPR. Where industry context requires it (HIPAA for healthcare, PCI for payments, SOC 2 for SaaS) we design the integration to meet those controls and document accordingly.
Vulnerability disclosure
If you believe you have found a security issue affecting liberators.ai or any system we operate, email hello@liberators.ai with the subject “Security disclosure”. We will acknowledge receipt within two business days and work with you to confirm and remediate the issue.
Incident response
In the event of a confirmed security incident affecting client data, we will notify the affected client within 72 hours with an initial impact assessment, contain the issue, and provide a full post-mortem once the investigation closes.