AIVOLabs is built with practical security controls. We document our current safeguards clearly and update this page as controls evolve.
1. Security program
Security ownership sits with the founders. Authentication, secrets management, environment configuration, and incident response paths are reviewed before each release.
2. Compliance
- Controls appropriate to our current stage, each with a documented operating procedure
- GDPR and UK GDPR support via customer data handling workflows
- No HIPAA workflow support at this time
3. Data protection
Data is encrypted in transit (TLS 1.3) and at rest (AES-256 via KMS). Backups are encrypted and geographically redundant within your configured region (US or EU).
4. Access controls
- Email/password authentication is the current method for customer access
- No enterprise SSO or SAML support at this time
- Internal access is least-privilege, reviewed quarterly
- All production access requires MFA and is logged
5. Infrastructure
AIVOLabs runs on Vercel and AWS (us-east-1 and eu-west-1) with network segmentation, automated dependency scanning, and infrastructure defined in code. Configuration changes require peer review.
6. Incident response
We maintain a documented incident response plan with defined severities, on-call rotation, and customer notification commitments. Post-mortems are shared with affected customers within 14 days.
7. Vulnerability disclosure
Found something? Report vulnerabilities to security@aivolabs.xyz. We acknowledge reports promptly and provide follow-up status updates as fixes are deployed.