Trust & Security

YOUR DATA
IS SAFE
WITH US

Your competitive intelligence is sensitive. We treat it that way — with enterprise-grade security built into every layer of the AiR platform.

How We Protect You

Security at every layer.

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Your credentials are hashed using bcrypt and never stored in plain text.

Access Controls

Strict role-based access controls govern who on our team can view what. Production data access is limited to authorized engineers on a need-to-know basis, with full audit logging.

Continuous Monitoring

Our infrastructure is monitored 24/7 for anomalies, intrusion attempts, and unusual activity. Automated alerts and an on-call rotation ensure rapid response around the clock.

Regular Audits

We conduct regular internal security reviews and periodic third-party assessments. Vulnerabilities are tracked, prioritized, and remediated according to severity.

Secure Infrastructure

AiR is hosted on AWS within industry-standard data centers. Network-level protections include firewalls, DDoS mitigation, and VPC isolation.

Employee Security

All AiR team members complete security awareness training, follow a documented security policy, and use hardware-key MFA for system access. Background checks are conducted for roles with data access.

Technical Specifics

What we do, precisely.

Data Protection

  • TLS 1.2+ for all data in transit
  • AES-256 encryption at rest
  • bcrypt password hashing (cost factor 12)
  • Database-level encryption
  • Encrypted backups with tested restoration
  • Secure deletion of customer data on account closure

Authentication & Access

  • Multi-factor authentication (MFA) supported
  • Single Sign-On (SSO) available on Agency & Enterprise plans
  • Session timeout after inactivity
  • Role-based access controls within team accounts
  • Admin access audit logs
  • Compromised credential detection

Infrastructure

  • Hosted on AWS us-east-1
  • DDoS protection via Cloudflare
  • Web Application Firewall (WAF)
  • Private VPC with network segmentation
  • Automated vulnerability scanning on deploys
  • 99.9% uptime SLA

Development Practices

  • OWASP Top 10 addressed in code reviews
  • Dependency vulnerability scanning (e.g. Snyk / Dependabot)
  • Staging environment separate from production
  • No production data in development environments
  • Peer code review required for all changes
  • Secrets managed via environment-level secret management
Compliance

Standards we uphold.

AiR is designed to comply with applicable data protection laws and industry standards. Our security practices are reviewed and improved on an ongoing basis.

GDPR
EU General Data Protection Regulation compliant
CCPA
California Consumer Privacy Act compliant
SOC 2
Type II security & availability controls audit
ISO 27001
International information security standard aligned
Incident Response

If something goes wrong.

No system is perfectly immune. What matters is how quickly and transparently we respond. Here's our incident response process.

In the event of a confirmed breach affecting your personal data, we will notify affected customers and relevant regulatory authorities within the legally required timeframe (72 hours for GDPR).

01

Detect & Contain

Automated alerts and on-call engineers identify and isolate the incident within minutes.

02

Assess Impact

We determine what data was affected, how many customers are impacted, and the root cause.

03

Notify

Affected customers are notified promptly with clear details about what happened and what to do.

04

Remediate & Learn

We fix the vulnerability, conduct a full post-mortem, and implement controls to prevent recurrence.

Responsible Disclosure

Found a vulnerability?

We appreciate security researchers who help us keep AiR safe. If you've discovered a potential security issue, please report it to us responsibly before disclosing it publicly.

Report a Security Issue

Email us at max@getairesults.ai with subject line "Security Disclosure." Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any proof-of-concept code or screenshots

Report a Vulnerability

We commit to acknowledging reports within 72 hours, keeping you informed of our progress, and not pursuing legal action against good-faith researchers who follow this process.