Technical FAQs

Platform Deployment & Hosting

Can I Self Host? The Great Wave AI Platform is built as a Cloud Native SaaS solution. We do, however, offer a self-hosted version. Please use our Contact section to get in touch.

Where Is The Great Wave AI Platform Hosted? We are hosted in Microsoft Azure, which is fully backed by the same compliance controls Microsoft itself uses. For a full library of compliance artifacts, please see Azure Compliance Documentation. We are able to host the processing and storage of data solely in the UK, Sweden or the globally. Only data at the edge (i.e., between the user location and the internet) is outside our network.

Security & Data Protection

How Well Is the Platform Protected Against Web Vulnerabilities? Our platform is protected by a Web Application Firewall (WAF) with an industry-aligned rule set of over 190 rules. We adopt DevSecOps practices and follow the OWASP Top Ten guidelines, including conducting regular self-penetration testing to ensure robust security.

Is Data Encrypted? Yes, all customer data is encrypted both at rest and in transit.

  • In transit: We use HTTPS to encrypt all traffic between our components and end users.

  • At rest: All data is encrypted using 256-bit AES and is FIPS 140-2 compliant.

How Are Users Authenticated? Users enter their details on the front end, which securely sends them via HTTPS to our API server. After verifying credentials, the server issues a JWT token valid for 24 hours. This token is stored on the front end and used to authenticate all subsequent requests. We also support Single Sign-On (SSO) integration upon request, enabling centralized identity management through your existing provider (e.g., Azure AD, Okta).

How Do You Manage Access Control (RBAC)? We use Role-Based Access Control (RBAC) internally to manage developer and infrastructure access. Permissions are assigned based on roles, for example, senior engineers have elevated access. Access is granted using a least-privilege model and reviewed regularly. In the Platform there are two roles, user and admin. Admin's have the ability to manage users.

Do You Have Audit Logging in Place? Yes, we maintain comprehensive audit logs:

  • Infrastructure logs track all administrative actions and configuration changes.

  • Platform logs capture all agent interactions. These logs are securely stored and regularly reviewed.

How Do You Manage Secrets? We manage secrets such as API keys and credentials using encrypted Azure Key Vaults. We never store credentials in source control. Access is role-based and regularly audited.

What Data Privacy Regulations Do You Comply With? We comply with the General Data Protection Regulation (GDPR), including requirements around data minimization, user consent, data subject rights (such as access and erasure), breach notification, and secure data processing.

We also have a privacy policy here: https://greatwave.ai/privacy-policy/ And a data processing agreement (DPA) here: https://greatwave.ai/data-processing-agreement/

How Do You Manage Vulnerabilities? We follow best practices for vulnerability management.

  • Static code is continuously scanned using SonarCloud.

  • Runtime vulnerabilities are detected using OWASP-aligned dynamic scanning. High-severity issues are triaged and prioritized for immediate remediation.

Resilience & Monitoring

How Is Data Backed Up? We perform regular automated backups of all critical data to ensure data integrity and availability.

Do You Have an RTO/RPO? Yes, our standard Recovery Time Objective (RTO) in the event of a disaster is 24 hours. Our Recovery Point Objective (RPO) is 1 hour.

How Is the Platform Monitored? Our platform is continuously monitored using APM (Application Performance Management Tools) to detect and respond to functional or security issues in real time. A dedicated team handles incident response and enforces our security policies.

What Is Your Incident Response Plan? We have a comprehensive incident response plan that includes:

  • Detection and containment

  • Root cause analysis and eradication

  • System recovery

  • Post-incident review to prevent recurrence

Support

How Can I Get Support? You can email us at [email protected] for help or technical assistance. When contacting support, please provide:

  • A clear subject line

  • A detailed description of your issue or question

  • Any relevant screenshots or error messages

PreviousUser Account Management

Last updated