Simple Machine Mind Logo
EvaluatorDPT™
Decision Engine · Simple Machine Mind
Trust & Security

Trust Center

How we think about security, privacy, and responsible usage for Evaluator.

1. Security Posture

Evaluator is built on Azure and uses Azure-native controls wherever possible. Core components run in Azure Container Apps behind Azure API Management and Azure Front Door (WAF), with secrets stored in Azure Key Vault. Network access is locked down to required surfaces only.

1.1 Infrastructure

  • Azure Front Door with Web Application Firewall (WAF) in front of public endpoints.
  • Azure API Management as the main gateway and policy enforcement point.
  • Azure Container Apps for Evaluator runtime, configured for autoscale and resilience.
  • Azure Key Vault for secrets, keys, and configuration values.
  • Container images stored in Azure Container Registry.

1.2 Operational Controls

  • Least-privilege access to production resources.
  • Automated build, scan, and deploy pipeline with Trivy image scanning.
  • Golden snapshot configuration tracked in source control.

2. Data Handling

Evaluator is designed as a decision layer: we score and transform inputs into decisions, but do not train on customer data.

  • No customer data is used to train or fine-tune SMsquared models by default.
  • Inference logs can be minimized, aggregated, or disabled based on customer needs.
  • Sensitive identifiers should be removed or tokenized by the caller where possible.

3. Privacy & Compliance

Our privacy commitments for Evaluator are documented in the dedicated privacy notice. For regulated workloads, we work with customers to align Evaluator’s deployment with their internal policies and regulator expectations.

Contact compliance@smsquared.ai for security and compliance inquiries.

4. Responsible AI

Evaluator is built to make AI decision flows more controlled, auditable, and predictable. We do not provide content that is intentionally harmful or abusive, and use Evaluator’s policy scaffolding to restrict high-risk use cases.

  • Deterministic Yes/No/TBD outcomes with inspectable thresholds.
  • Policy and constraint vectors for configuring acceptable behavior.
  • Ability to log base vs. adjusted decisions for independent review.

5. Evaluator API – Request limits & payload shapes

5.1 Request limits and smoke testing

Evaluator is fronted by Azure Front Door and Azure API Management. To protect shared capacity and ensure fairness across tenants, requests are governed by per-subscription and per-tier rate limits.

Recommended pattern for basic smoke tests:

  • Call POST /v1/warm once to warm the model.
  • Then send 10–20 POST /v1/predict calls with a small JSON payload (for example "The World is Beautiful").
  • If you send a large burst of requests in a very short window on a single subscription key, you may receive HTTP 429 (Too Many Requests). This is expected behavior from API Management and not a sign of service instability.
  • For load tests, soak tests, or large-scale benchmarks, please contact us first at support@smsquared.ai so we can coordinate capacity and share test guidance.

Early latency benchmarks (informational only):

  • In early tests via Azure Front Door, we observe approximately p50 ≈ 230 ms and p95 ≈ 260 ms for typical text-only /v1/predict requests under light load.
  • Actual performance depends on region, payload, client behavior, and background traffic and is not guaranteed as a formal SLA.

5.2 Steering vectors and tier behavior

Evaluator supports optional policy-based steering via a vectors object in the /v1/predict request body. These steering vectors let you align decisions with your own policy and risk preferences.

Maximum supported vector shapes:

  • Policy vectors (policies, policies_w): up to 10 dimensions.
  • Constraint vectors (constraints, constraints_w): up to 28 dimensions.
  • Requests that exceed these shapes may be rejected or internally truncated, depending on tier and configuration.

High-level tier semantics:

  • Consumer / Trial (text-only decision)
    Primary input is texts[]. Vectors, if supplied, may be ignored and are not required to get a decision.
  • Enterprise (steered decision with compact vectors)
    Supports policy-based decision steering with a compact 6-dimension policy vector (the first 6 policy dimensions). Constraint dimensions may be present but are typically kept zeroed for most standard use cases.
  • Enterprise Pro (full steering)
    Supports full policy and constraint steering up to the documented shapes (10 policy + 28 constraint dimensions), intended for governance, safety, and high-control decision systems.

These limits and semantics are also reflected in our OpenAPI specification and product documentation so integrators can design clients that respect the maximum supported shapes.

6. Contact & Reporting

For security incidents, suspected abuse, or vulnerability disclosure:

script src="vendor/js/jquery.cubeportfolio.min.js">