Protecting Data Means Protecting People.

Information security isn't just about firewalls and compliance. For us, it’s about empathy, respect, and earning your trust by being radically transparent about how we protect your learning environment.

✓ ISO 27001 Certified Information Security Management System

Our Security Philosophy

We believe security shouldn't be an exhausting burden. We design our systems assuming humans make mistakes, focusing on frictionless protection and radical transparency.

Plain-English Consent

No hiding behind confusing legal jargon. When we ask for your data, we tell you exactly why we need it and how it will be used.

Data Minimization

We only collect what we actually need. No unnecessary tracking, no harvesting data "just in case." If we don't need it to run the service, we don't collect it.

Easy Exits

Leaving should be as easy as signing up. If you want us to delete your data, we make the process simple, transparent, and permanent.

Engineered for Security: How We Do It

We don't just promise your data is safe; we prove it. Here are the specific technical architectures, continuous testing pipelines, and encryption standards that defend Frontiermind.

Data Transmission & Cryptography

  • In Transit: We enforce strict SSL/TLS encryption across our entire Client Layer. We utilize valid, trusted certificates and enforce HTTP Strict Transport Security (HSTS) with a 1-year maximum age to prevent protocol downgrade attacks.
  • At Rest: We mandate encryption of data at rest. Our Database Layer is fully encrypted at rest, and our File Storage Layer utilizes comprehensive Server-Side Encryption.
  • Immutable Backups: We back up all critical systems every 24 hours into a secure, isolated location. These backups are strictly immutable—prevented from being modified or deleted for 365 days, ensuring ransomware resilience.

Application Defense & Testing

  • Web Application Firewall: Our perimeter is defended by a Web Application Firewall equipped with DDoS protection. Traffic is aggressively filtered for SQL injection and XSS attacks. We strictly enforce rate limiting on authentication mechanisms to neutralize brute-force attempts.
  • DevSecOps Pipeline: We utilize automated Static Analysis (SAST) and Dependency Scanning in our CI/CD pipeline to block vulnerable libraries. We also employ automated secret detection in our repositories.
  • Continuous Testing: We run automated vulnerability assessment scans on all eligible hosts every 90 days. We undergo rigorous Penetration Testing by internal teams or independent external parties every 365 days.

Access Control & Minimization

  • Zero-Trust Access: We enforce the Principle of Least Privilege globally; access is denied by default. Multi-Factor Authentication (MFA) is strictly required for all privileged accounts at login. Remote administration requires hardened endpoint devices.
  • Stateless Minimization: We utilize session tokens that do not contain your email address after login. Your learning interactions are transmitted to our servers without personal data attached.
  • Data Sanitization: All uploaded documents pass through format validation and automated malware scanning prior to processing. We actively sanitize system logs to protect sensitive data before it hits our logging infrastructure.

Full Privacy Policy

Security locks the door; privacy dictates what's inside the room. Frontiermind operates in strict alignment with privacy.

Last Updated: January 06, 2026

1. Information We Collect & How We Use It

We practice strict data minimization. We only collect what is required to provide our educational services:

  • Account & Authentication: We collect your basic profile data to create your account. Upon login, we utilize stateless session tokens that do not contain your email address to keep you securely authenticated.
  • Learning Data: We track your learning interactions and AI interactions to personalize your experience. These interactions are transmitted to our servers stripped of personal identifiers.
  • Uploaded Documents: Documents you upload are processed strictly to validate formatting and check for malware.

2. How Our AI Uses Your Data (No External Training)

We know AI privacy is a major concern. When you interact with our AI Coach or simulations, your requests are processed internally via our own proprietary Middleware Layer and AI Processing Engine.

  • Local Inference: Our LLM inference and Video Generation models run securely within our internal environment.
  • No Training on User Data: We do not use your personal data, uploaded documents, or private learning interactions to train our underlying AI models.

3. Data Sharing & Sub-processors

We do not, and will not, sell your personal data.

To provide our services, we utilize vetted third-party sub-processors (such as our cloud infrastructure providers). We enforce strict data residency, ensuring your primary data is hosted securely within Singapore to comply with local regulatory frameworks.

4. Data Retention Lifecycle

We do not hold your data forever. We retain your personal information only as long as your account is active or as needed to provide our services. If you choose to delete your account, your active profile data is permanently purged within 30 days of your deletion request. Please note that for disaster recovery purposes, immutable, encrypted system backups are retained for exactly 365 days before being automatically destroyed.

5. Your Rights & Consent

You own your data. Under applicable privacy laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correct: Update or fix any inaccurate information in your profile.
  • Delete: Request the permanent erasure of your account and associated personal data.

We will respond to all data rights requests within 30 business days of receipt. To submit a request, please contact our Privacy Team using the details in Section 7.

6. Technical Security (ISO 27001)

We protect your privacy using an Information Security Management System (ISMS) that is fully compliant with ISO 27001 standards. The exact encryption protocols, firewalls, and testing mechanisms we use to protect this data are outlined in the Application Defense section above.

7. Contact Our Privacy Team

If you have questions about this policy, or wish to exercise your data rights, please contact our support at: support@vsm.ai