Product Pricing About Blog API Docs Security Contact REQUEST DEMO
Security & Compliance

Aviation-Grade
Data Protection

Your data security is not a feature. It’s our architecture. Every layer built for the world’s most regulated industry.

🔒

BYOD Architecture

🛡

Tenant Isolation

🔐

AES-256 Encryption

🌎

GDPR Ready

📋

SOC 2 (Target)

EASA Compliant

Data Architecture

Your Data, Your Control

Bring Your Own Data (BYOD) means your proprietary technical manuals, AMMs, CMMs, IPCs, and service bulletins never leave your isolated environment. Daleel processes your documents within a dedicated tenant boundary. No data is shared, co-mingled, or accessible by other customers.

Each tenant has its own vector store, embeddings, and encryption keys. The AI engine queries only your data plus publicly available regulatory sources. Cross-tenant access is architecturally impossible, not just policy-restricted.

You retain full ownership of all uploaded documents. Upon contract termination, your data is permanently deleted within 30 days and a certificate of destruction is provided.

Tenant A

A320 AMMs / IPCs / SBs

Tenant B

737 AMMs / CMMs

🔒 AES-256 Encryption Boundary
Daleel AI Engine

RAG retrieval scoped per tenant

Public Data Layer

FAA ADs • EASA SIBs • ICAO Standards

⛔ No Cross-Tenant Access
Security

Defense in Depth

🔐

Encryption Everywhere

AES-256 at rest, TLS 1.3 in transit. All documents, embeddings, and query logs are encrypted end-to-end with customer-scoped keys.

🛡

Tenant Isolation

Dedicated vector stores, separate database schemas, and isolated compute. No shared resources between tenants at any layer.

👤

Access Control

Role-based access control (RBAC) with SSO/SAML integration. Granular permissions for admins, engineers, and read-only auditors.

🌐

Data Residency

Choose where your data lives. Available regions: GCC (UAE), European Union, and United States. Compliant with local data sovereignty laws.

🔎

Security Audits

Regular penetration testing, vulnerability scanning, and third-party security assessments. Full audit trails for every action.

🚫

No AI Training

Your data is never used to train, fine-tune, or improve any AI model. Zero data leakage to model providers. Contractually guaranteed.

Compliance

Regulatory Ready

EASA AI Framework

EASA AI Roadmap Alignment

  • Classified as Level 1A: AI-assisted human decision support
  • Part-145 Management of Change procedures supported
  • Concept paper & roadmap compliance documentation available
  • Designed for auditability by national aviation authorities
EU AI Act

EU AI Act Compliance

  • Minimal Risk classification under Annex I / Annex III
  • Article 4 transparency obligations met
  • Article 50 disclosure requirements addressed
  • Human oversight and explainability by design
GDPR

GDPR & Data Privacy

  • Multi-tenant architecture with strict data boundaries
  • Configurable data residency (EU / GCC / US)
  • Right to deletion fully supported with certification
  • Data Processing Agreements (DPA) provided
SOC 2

SOC 2 Certification

  • SOC 2 Type I audit targeted for Q4 2026
  • SOC 2 Type II planned for H2 2027
  • Trust Services Criteria: Security, Availability, Confidentiality
  • Continuous monitoring and evidence collection in place
Intellectual Property

Zero OEM IP Risk

1

No Data Extraction

Daleel does not copy, store externally, or redistribute OEM manuals. Documents remain in the customer’s encrypted tenant and are never exposed through the AI’s responses in verbatim form.

2

Retrieval, Not Reproduction

The AI retrieves relevant passages and synthesizes answers with citations. It never outputs full manual pages, diagrams, or proprietary content that could constitute IP infringement.

3

Contractual Safeguards

Our terms of service, data processing agreements, and enterprise contracts include explicit OEM IP protection clauses. We support customer audits and will provide compliance evidence upon request.

“We built Daleel so that MROs can leverage AI without ever compromising the intellectual property of the OEMs they depend on. The architecture makes IP leakage structurally impossible.”

Daleel MRO Engineering Team
AI Safety

Five Layers of Protection

1

Safety-First System Prompt

Every query is processed under an aviation-specific system prompt that enforces conservative, regulation-aligned responses.

2

Two-Pass Verification

Answers undergo a second AI pass that cross-checks claims against source documents before delivery.

3

WARNING / CAUTION Injection

Safety-critical warnings from source manuals are automatically detected and prominently displayed in every relevant response.

4

Mandatory Disclaimer

Every response includes a disclaimer that AI output must be verified against approved technical data before use on aircraft.

5

Complete Audit Trail

Every query, response, source citation, and user action is logged immutably for regulatory review and internal audits.

Infrastructure

Enterprise-Grade Stack

🗃

PostgreSQL + pgvector

Production-proven relational database with vector search for semantic retrieval. Per-tenant schemas with row-level security.

📦

Docker / Kubernetes

Containerized microservices orchestrated with Kubernetes for auto-scaling, self-healing, and zero-downtime deployments.

💾

Encrypted Backups

Automated daily backups with AES-256 encryption. Point-in-time recovery with geo-redundant storage across regions.

📡

24/7 Monitoring

Real-time infrastructure monitoring, anomaly detection, automated alerting, and incident response under defined SLAs.

Responsible AI

Built for Trust

🎯

Zero Hallucination Tolerance

Every answer must be grounded in uploaded source documents. If the data does not exist, Daleel says “I don’t know” rather than fabricate.

🔍

Transparent AI

Every response includes source citations with document name, revision, and page reference so engineers can verify instantly.

🧑

Human-in-the-Loop

Daleel assists; it does not decide. All critical maintenance decisions remain with licensed engineers and quality teams.

📈

Accuracy Audits

Regular internal accuracy benchmarks against known maintenance scenarios. Results shared transparently with customers.

Security Contact

Report a Vulnerability

For security concerns, vulnerability reports, or compliance questions:

Responsible Disclosure
We welcome security researchers to report vulnerabilities responsibly. We commit to acknowledging reports within 24 hours, providing an initial assessment within 72 hours, and working collaboratively toward resolution. We will not pursue legal action against good-faith security research.