AIOProductOSStatus

Security

How AIOProductOS protects customer data. For the live control coverage across 18 frameworks, see the compliance dashboard.

GDPR-ready

Every applicable GDPR control in our registry is implemented — data export (Art 20), deletion (Art 17), rectification (Art 16), DSAR (Art 15), ROPA (Art 30), DPIA for AI (Art 35), breach notification (Art 33–34), Standard Contractual Clauses (Art 46), the full Article 28 processor flow-down. Pin EU residency for EU customer data; sign the DPA in minutes.

/dpa · /privacy · /subprocessors · /cookies · live control list

Encryption

All traffic is served over TLS 1.2+. Data is encrypted at rest with AES-256 by our database and storage provider. Connection secrets you entrust to us (API keys, tokens) are additionally envelope-encrypted with a per-organization key — encryption of those secrets is enforced, not optional.

Access control & tenant isolation

Every table is protected by row-level security; one customer's data is never reachable from another's session. Application roles are enforced by restrictive policies, and the highest-privilege database key is confined to server-side code — it never reaches a browser. Internal staff access is least-privilege and reviewed quarterly.

Monitoring & logging

Application actions are written to an append-only audit log. Connector failures, cron overruns, and health regressions raise alerts, and a deep health check covers every customer-visible dependency. Security headers (CSP, HSTS, and the rest) are set on every response.

Resilience & backups

We run in two regions (EU and US) with byte-parity schemas. Production data is backed up daily; a full-organization data export is available on demand. Recovery objectives and a tested restore procedure are documented in our business-continuity plan.

Vulnerability management

Dependencies are monitored and patched on a defined SLA (Dependabot), source is statically analyzed (CodeQL), and secrets are scanned in CI and pre-commit (gitleaks). A rate limiter guards ingest, AI, and lookup endpoints. An annual third-party penetration test is scheduled.

Responsible disclosure

Found something? We want to hear it. Our security contact and policy are published at /.well-known/security.txt. Report to security@aioproductos.com; we act in good faith with researchers who do the same.

Privacy & data residency

Customer data is pinned to the region you choose (EU or US). We support data export and deletion, maintain Article 30 records of processing, and publish our full subprocessor list. AI features run on foundation models via API — your data is not used to train them.

Trust resources