Security Policy

Last updated: January 1, 2025

SOC 2 Type II

Audited annually for security, availability, and confidentiality controls.

ISO 27001

Certified information security management system (ISMS).

Our Commitment to Security

At AIPTx, security is not just a feature—it's the foundation of everything we build. As a penetration testing platform, we hold ourselves to the highest security standards. We understand that you trust us with sensitive information about your systems, and we take that responsibility seriously.

Infrastructure Security

Cloud Infrastructure

  • Hosted on SOC 2 compliant cloud providers (AWS, GCP)
  • Multi-region deployment with automatic failover
  • Virtual Private Cloud (VPC) with network segmentation
  • DDoS protection and Web Application Firewall (WAF)
  • Regular infrastructure penetration testing

Data Centers

  • Tier III+ data centers with 99.99% uptime
  • Physical security: 24/7 guards, biometric access, CCTV
  • Environmental controls: fire suppression, climate control
  • Redundant power and network connectivity

Data Protection

Encryption

  • Data at rest: AES-256 encryption
  • Data in transit: TLS 1.3 with perfect forward secrecy
  • Database encryption with customer-managed keys (Enterprise)
  • Encrypted backups stored in geographically separate locations

Data Isolation

  • Multi-tenant architecture with strict data isolation
  • Dedicated infrastructure available for Enterprise customers
  • Row-level security in databases
  • Separate encryption keys per customer

Data Retention

  • Configurable retention policies based on plan
  • Secure data deletion with verification
  • Automatic purge of temporary scan data

Access Control

Authentication

  • Multi-factor authentication (MFA) enforced
  • SSO/SAML integration for Enterprise customers
  • Password requirements: minimum 12 characters, complexity rules
  • Account lockout after failed attempts
  • Session management with automatic timeout

Authorization

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Granular permissions for teams and projects
  • Audit logs for all access and changes

Employee Access

  • Background checks for all employees
  • Security training upon hire and annually
  • Access granted on a need-to-know basis
  • Immediate access revocation upon termination

Monitoring & Detection

  • 24/7 security monitoring and alerting
  • Intrusion detection and prevention systems (IDS/IPS)
  • Real-time log aggregation and analysis (SIEM)
  • Anomaly detection using machine learning
  • File integrity monitoring
  • Network traffic analysis

Vulnerability Management

  • Continuous vulnerability scanning of all systems
  • Third-party penetration testing annually
  • Bug bounty program for responsible disclosure
  • Critical vulnerabilities patched within 24 hours
  • Regular dependency updates and security patches

Incident Response

We maintain a comprehensive incident response plan:

  • Dedicated security incident response team
  • Documented procedures for detection, containment, and recovery
  • Customer notification within 72 hours of a confirmed breach
  • Post-incident analysis and improvement
  • Regular tabletop exercises and simulations

Business Continuity

  • Disaster recovery plan with defined RTOs and RPOs
  • Regular backup testing and recovery drills
  • Geographic redundancy across multiple regions
  • Automatic failover for critical systems

Compliance

AIPTx maintains compliance with:

  • SOC 2 Type II (Security, Availability, Confidentiality)
  • ISO 27001 (Information Security Management)
  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • PCI DSS (for payment processing)

Audit reports and certifications are available to Enterprise customers under NDA.

Security Contact

To report a security vulnerability or concern:

We commit to acknowledging reports within 24 hours and providing regular updates on remediation progress.


© 2026 AIPTx. All rights reserved.
