The security, privacy, and data-handling practices that govern how AIVZ operates on your behalf — and on your customers' behalf. Honest about what's in place today and what's on the roadmap.
The plain-language version of how AIVZ thinks about trust. The detailed artifacts — privacy policy, security overview, subprocessor list, terms of service — are linked below.
AIVZ scans publicly accessible URLs and ingests the responses. We don't request access to your customer database, your CRM, or any system not explicitly required for the integration you've enabled.
A current subprocessor list lives at /subprocessors — every third-party service we use to deliver AIVZ, what data they process, and where they're located. Updated when the list changes.
AIVZ's revenue model is subscription. We don't have a secondary data-monetization revenue line and we never will.
GDPR, CCPA, and equivalent regional regulations. Request access, export, or deletion through the contact form or by emailing the security team.
AIVZ is a startup. SOC 2 Type II audit is on the roadmap, not in hand. ISO 27001 is on the roadmap. The security posture published today is honest about what's standard practice and what's audited.
Each card links to a detailed page or downloadable artifact. This is the routing layer for procurement teams, security reviewers, and customers who want the source documents.
What data AIVZ collects, why, how long it's retained, with whom it's shared, and how customers can exercise data rights.
Read the policy
Architecture, encryption in transit and at rest, authentication, access controls, incident response posture, and certification state.
Read the overview
The contractual terms governing use of AIVZ — acceptable use, service-level expectations, liability, and dispute resolution.
Read the terms
Every third-party service that processes customer data on AIVZ's behalf — with location, data class, and processing scope.
View the list
The Data Processing Agreement available to enterprise and agency customers handling EU/UK personal data subject to GDPR.
Request via email
Subscribe to advance email notice when AIVZ adds, removes, or materially changes a subprocessor.
Subscribe
Customers under NDA can request the most recent penetration test summary. Public attestation reports are not yet available.
Request under NDA
The process for security researchers to disclose vulnerabilities. Public security contact, published response SLAs.
Read the process
An honest view of which assurance artifacts are in place, which are on the roadmap, and which are out of scope for AIVZ's current offering.
| Artifact | Current state |
|---|---|
| GDPR compliance | In place — see /privacy |
| CCPA compliance | In place — see /privacy |
| SOC 2 Type I | In progress |
| SOC 2 Type II | Roadmap |
| ISO 27001 | Roadmap |
| HIPAA | Not in scope — AIVZ doesn't process PHI in standard configurations |
| FedRAMP | Not in scope |
| PCI-DSS | Not in scope — payment processing handled by subprocessors |
| Annual penetration test | In progress |
| Bug bounty program | Roadmap |
For security questions, vulnerability disclosures, security-review requests, or DPA requests.
[email protected]
Response SLA: acknowledgement within 1 business day; substantive response within 5 business days.