Security is foundational to Aivastark. Below is a summary of how we protect your data and how to report concerns.
Encryption
- All traffic is encrypted in transit with TLS 1.2+.
- Data at rest is encrypted using industry-standard algorithms.
- Passwords are stored hashed with a modern, slow algorithm.
Access control
- Production access is restricted to a small set of engineers and requires multi-factor authentication.
- Embeddings and conversation data are scoped per organization — your data is never co-mingled with other customers'.
- Audit logs of administrative actions are retained.
Data residency & compliance
Enterprise plans support EU data residency and additional compliance attestations (e.g., HIPAA BAA). Contact support@aivastark.com for specifics.
Sub-processors
See our sub-processors page for a current list of third parties with which we share data to operate the Service.
Vulnerability disclosure
We welcome responsible security research. Email findings to security@aivastark.com and please include reproduction steps. Do not publicly disclose before we've had a reasonable chance to remediate.
See also our security.txt for the canonical contact and policy.