Simple Machine Mind logo
EvaluatorDPT™
Simple Machine Mind
Trust Center

Security & Compliance

Public, high‑level overview suitable for customer security review and Microsoft seller enablement.

1. Security posture

EvaluatorDPT™ is built on Azure and uses Azure‑native controls wherever possible. Core components run behind Azure API Management and Azure Front Door (WAF), with secrets stored in Azure Key Vault. Access is restricted to required surfaces only.

1.1 Platform controls

  • Perimeter protection: Azure Front Door with WAF in front of public endpoints.
  • Gateway policy enforcement: Azure API Management for authentication, throttling, and request validation.
  • Runtime isolation: Azure Container Apps for the decision runtime, configured for autoscale and resilience.
  • Secrets management: Azure Key Vault for secrets, keys, and configuration values.
  • Supply chain: container images stored in Azure Container Registry.

1.2 Operational security

  • Least privilege: role‑based access with minimized permissions for production resources.
  • Vulnerability management: automated image scanning in CI/CD and patch cadence aligned to severity.
  • Change control: versioned configuration and “no drift” checks for key deployment artifacts.
  • Observability: request correlation IDs, structured logs, and health probes for operational readiness.

2. Data handling

  • No sensitive data is stored.
  • No PHI, PII, or PCI data is processed.
  • EvaluatorDPT™ is designed as a decision engine: it transforms inputs into decisions; it does not train on customer data by default.

2.1 Customer responsibility

  • Do not submit regulated or sensitive data to the service.
  • Ensure API keys are treated as secrets and never embedded in client‑side code.

3. Incident response & reporting

For security incidents, suspected abuse, or vulnerability disclosure, contact:

4. Responsible usage

  • EvaluatorDPT™ is intended to produce governed decisions for enterprise workflows.
  • High‑risk or abusive use is prohibited.