Not Just [4] AI Request a Consultation →
Security & Data Governance

Designed to minimise your risk.

Engaging an assessor means sharing evidence. This page sets out how Not Just 4 AI is designed to minimise governance and information-handling risk when you do — so working with us does not become a risk of its own.

The question that matters to procurement is not “is it secure?” — it is “will this create risk for us?” This page answers that one.

How information is handled. Minimised by design.
Information handling

What happens to what you share.

01 · Data handling

Only what's needed

We work from the evidence you provide and collect only what the assessment requires — handled for the purpose of the engagement, and nothing else.

02 · Data residency

Kept in-region

The website origin runs on AWS in the UAE (me-central-1). Where your assessment information is held is defined in your engagement agreement, and can be kept in-region to meet GCC requirements.

03 · Access controls

Least privilege

Access to client material is restricted to the assessment team on a need-to-know basis, behind authenticated systems.

04 · Retention

Held only as needed

Client materials are kept only for as long as the engagement requires. Retention periods and deletion at close are set out in the agreement.

05 · Confidentiality

Yours, and confidential

Your evidence is treated as confidential, covered by NDA, used only for your assessment — and never used to train AI models.

The assessment is governed too. Consistent and traceable.
Assessment governance

We hold ourselves to the same standard.

The assessment itself is governed: one consistent, versioned methodology, an audit trail of findings, and a claims-versus-evidence discipline that keeps every conclusion traceable to what supports it. The same rigour we assess you against, we apply to our own work.

A person stands behind it. Not fully automated.
Human oversight

Reviewed by a qualified person.

The assessment is not fully automated. A qualified reviewer validates findings and stands behind the conclusion.

This is what regulators, procurement teams, and compliance functions expect — and it is part of what makes a result defensible. More on how the assessment is assured →

Responsible disclosure. Tell us privately.
Responsible disclosure

Found something? Tell us first.

If you believe you have found a security or data-handling issue, please report it privately to info@notjust4.ai. We ask for a reasonable opportunity to investigate and remediate before any public disclosure, and we do not pursue good-faith researchers who follow this process.

Security & data questions

Ask us anything about how we handle information.

Procurement, compliance, or security teams reviewing us are welcome to ask directly. We respond within two working days.

Ask a security question → Read the privacy notice

info@notjust4.ai · Masdar City Free Zone, Abu Dhabi · Licence MC 14283