Your permit data and compliance records are protected with enterprise-grade infrastructure and industry-standard security practices.
Built with security as a first principle, not an afterthought
All data is encrypted using TLS 1.3, the same standard used by major banks. Your permit documents are never transmitted in plain text.
Your organization's data is completely isolated from other customers. Cross-tenant data access is architecturally impossible by design.
We use Anthropic's enterprise API with a zero data retention policy. Your permits are never stored by Anthropic or used to train AI models.
Passwords are hashed with bcrypt and never stored in plain text. JWT tokens expire automatically and are invalidated on logout.
Our cloud infrastructure provides automatic DDoS mitigation at the network level, protecting your access to AirComply at all times.
Granular user roles ensure team members only access what they need. Admin, manager, and read-only roles are fully supported.
Built on trusted, certified platforms
AirComply runs on SOC 2 Type II certified cloud infrastructure provided by Railway. Our hosting layer provides automatic TLS, DDoS protection, infrastructure monitoring, and high availability. Your data stays in US-based data centers.
SOC 2 Type II Certified Infrastructure US Data Centers
AI analysis is powered by Anthropic's Claude via their enterprise API. Your documents are analyzed in real-time and are not retained by Anthropic or used for model training. Anthropic maintains strict enterprise data handling policies.
Zero Data Retention Enterprise API
Compliance data is stored in a dedicated PostgreSQL database with automated backups. Data is logically isolated per organization with row-level security enforced at the application layer. Your data is never commingled with other customers.
Automated Backups Row-Level Security
Uploaded permit documents are stored on enterprise-grade persistent cloud storage. Files are backed up automatically and are accessible only to authorized users within your organization.
Persistent Volumes Access Controlled
What we do every day to keep your data safe
All passwords hashed with bcrypt before storage. Plain text passwords are never stored or recoverable.
JWT tokens expire automatically. Sessions invalidated on logout. No sensitive data in persistent cookies.
All traffic encrypted via TLS 1.3. HTTP automatically redirected to HTTPS. SSL certificates auto-renewed.
Every query filtered by organization ID. Your data is never accessible to other organizations.
Database and file backups run automatically. Your compliance data is protected against accidental loss.
All user actions and data access are logged with timestamps. Full audit trail available for enterprise customers.
Our clear process if something goes wrong
Immediate identification and isolation of any security issue
Determine scope and impact on customer data
Affected customers notified promptly with full details
Root cause fixed, controls improved, review completed
To report a security concern: security@aircomply.com
Common questions from enterprise customers
Your data is stored on SOC 2 Type II certified US-based cloud infrastructure provided by Railway. We do not store data outside the United States. Your permit data is never used to train AI models.
No. We use Anthropic's enterprise API with zero data retention. Your documents are never used to train AI models by Anthropic or AirComply.
AirComply runs on SOC 2 Type II certified cloud infrastructure provided by Railway. We are working toward our own independent certifications as we grow.
No. Your data is completely isolated. Every query is filtered by your organization ID. Cross-tenant access is architecturally impossible.
Yes. Master Service Agreements and Non-Disclosure Agreements are available for enterprise customers. Contact us to request.
Passwords are hashed using bcrypt before storage. We never store plaintext passwords and cannot recover them if lost.
Our team is happy to answer any security questions from your IT or legal team.
Contact Us