Security

Last updated:

Security is foundational to Aivastark. Below is a summary of how we protect your data and how to report concerns.

Encryption

  • All traffic is encrypted in transit with TLS 1.2+.
  • Data at rest is encrypted using industry-standard algorithms.
  • Passwords are stored hashed with a modern, slow algorithm.

Access control

  • Production access is restricted to a small set of engineers and requires multi-factor authentication.
  • Embeddings and conversation data are scoped per organization; your data is never co-mingled with other customers'.
  • Audit logs of administrative actions are retained.

Data residency & compliance

Enterprise plans support EU data residency and additional compliance attestations (e.g., HIPAA BAA). Contact support@aivastark.com for specifics.

Sub-processors

See our sub-processors page for a current list of third parties with which we share data to operate the Service.

Vulnerability disclosure

We welcome responsible security research. Email findings to security@aivastark.com and please include reproduction steps. Do not publicly disclose before we've had a reasonable chance to remediate.

See also our security.txt for the canonical contact and policy.

Frequently asked questions

Is Aivastark SOC 2 certified?

Yes. Aivastark holds SOC 2 Type II certification. Data is encrypted in transit with TLS 1.2+ and at rest with AES-256.

Where is my customer data stored?

Your knowledge-base embeddings live in your own Supabase project, in your region. Data is scoped per organization — never co-mingled with other customers' — and is never used to train shared foundation models. PII is redacted before it reaches the model.

Is Aivastark HIPAA compliant?

HIPAA-readiness documentation is available under NDA, and a Business Associate Agreement (BAA) is available on Enterprise plans. Email support@aivastark.com for specifics.

Does Aivastark support SSO?

SAML/OIDC single sign-on is available on Enterprise plans, alongside EU data residency and additional compliance attestations.

How do I report a security vulnerability?

Email findings to security@aivastark.com with reproduction steps, and please don't publicly disclose before we've had a reasonable chance to remediate. Our canonical contact and policy are published at /.well-known/security.txt.