Accepting new 2025 CodeWheel AI engagements for AI web, security, and commerce programs.
CodeWheel AI logomarkCodeWheel AI

Security Standards for AI Platforms | CodeWheel AI

Terms & Conditions - Security Standards & Engagement Policies

CodeWheel AI operates as a DBA of Servers Connect LLC. References to “CodeWheel AI,” “we,” or “our” in these terms mean Servers Connect LLC doing business as CodeWheel AI, the legal entity providing the services described here.

These terms govern your use of this site and any services provided by CodeWheel AI. We’re a development team with 15 years of production experience, building AI platforms with security baked in. Penetration testing happens during development because we’ve debugged 200+ prompt injection attacks in production systems.

1. Services & Security Standards

We deliver consulting, design, engineering, and security services across AI web apps, infrastructure, commerce, and related marketing assets. Security standards include OWASP methodology plus LLM-specific testing (prompt injection, context poisoning, jailbreaks).

Proposals define scope, deliverables, pricing, and assumptions. Security testing isn’t optional-it’s part of every engagement. For AI platform development we implement security from day one:

  • Vector database security (pgvector with HNSW indexing)
  • RAG system hardening against context poisoning
  • MCP server authentication protocols
  • Next.js/Vercel deployment security

See our AI security services and penetration testing methodology for details.

2. Engagement Process

Work begins when a Statement of Work or MSA is signed. You provide timely access to systems, stakeholders, and required credentials.

Deliverables are accepted once review feedback is addressed per the contract timeline. Security engagements include vulnerability reports with remediation guidance and re-testing verification.

Our security standards documentation covers:

  • Credential management protocols
  • System access procedures
  • Compliance alignment (payment card obligations and other customer-required frameworks)
  • Incident response processes

3. Intellectual Property & Code Ownership

You own the final code, designs, and assets once invoices are paid.

We may reference anonymized learnings and non-confidential patterns unless prohibited by contract. That includes security patterns and performance optimizations that don’t expose your business logic.

For AI platform development this means you receive:

  • Complete codebase ownership
  • Deployment configurations
  • Security hardening documentation
  • Architecture decision records

4. Confidentiality & Security Protocols

Both parties keep shared information confidential and follow the security standards documented in the engagement. We sign NDAs/DPAs and match your compliance requirements.

Our confidentiality practices include:

  • Encrypted communications (Signal, ProtonMail)
  • Secure credential sharing (1Password Business)
  • Repository access controls with MFA
  • Production data handling procedures

We maintain security standards aligned with fintech and other regulated industry frameworks.

5. Payment Terms

Invoices are due per contract (typically Net 15). Late payments may pause work.

Security deliverables-penetration test reports, re-test verification-are provided after payment. Re-testing is included for 30 days post-delivery.

6. Liability Limitations

Liability is capped at the fees paid for the relevant engagement, to the extent permitted by law. Neither party covers consequential damages.

We carry professional liability insurance and maintain security controls that reduce risk for both sides.

7. Updates to These Terms

We may update these terms periodically. Continued use of the site or services indicates acceptance. Major changes affecting security standards or engagement policies are communicated to active clients with 30 days’ notice.

Questions or Next Steps

Security-first development means fewer vulnerabilities in production and faster compliance reviews. Contact legal@codewheel.ai or schedule a technical consultation to discuss your requirements.

Last updated: 2025-12-11