🛡️ Security review and vendor questionnaires

This page is a friendly, plain-English guide for anyone doing a security review of Airparser. It points you to the official policies on our website, gives you short answers you can copy into questionnaires, and explains how to contact us if you still need help.

Quick links (official docs)

• Data protection: https://airparser.com/data-protection/

• Security: https://airparser.com/security/

• Privacy policy: https://airparser.com/privacy/

• GDPR: https://airparser.com/gdpr/

• DPA: https://airparser.com/dpa/

Short answers you can reuse

Data ownership
You own your data. Documents, emails, and extracted fields remain yours. We process data only to provide the service you ask for.

AI/LLM usage
We do not sell your data, and we do not use customer data to train or improve AI or LLM models.

Data in transit
Encrypted with HTTPS/TLS (TLS 1.2+).

Data at rest
Encrypted (AES-256).

Where data is stored
Your data is hosted on trusted cloud infrastructure with encryption at rest. Our primary databases are located in the United States (USA).

Cloud providers
We use trusted providers and encrypted Amazon S3 for object storage. See the provider list on our Security page.

Access controls
Production access is limited to authorized staff on a need-to-know basis and is logged.

Backups & availability
Regular automated backups; distributed and scalable infrastructure; 24/7 monitoring and alerting.

Retention & deletion
Configurable retention (typically 1–180 days). You can delete individual items or your account; data is removed according to our retention windows.

Passwords
Stored using one-way hashing (e.g., bcrypt). We never store plaintext passwords.

Subprocessors
We work with a small, vetted set of providers (e.g., Amazon S3, DigitalOcean, Google Cloud Platform, Microsoft, MongoDB Atlas, Stripe, OpenAI/Anthropic for AI services, Crisp for support). See the current list on our Security page.

Compliance
We align with GDPR. International transfers are protected with appropriate safeguards (e.g., SCCs). See our GDPR page and DPA for details.

Incident response
We have documented procedures and continuous monitoring. If a notifiable breach occurs, we will notify affected customers and, where required, regulators within 72 hours.

Where to find what most questionnaires ask

• Policies & technical controls: see our Security overview → https://airparser.com/security/

• Privacy, legal bases, and data subject rights: Privacy and GDPR → https://airparser.com/privacy/ and https://airparser.com/gdpr/

• Data processing terms: DPA → https://airparser.com/dpa/

• High-level program: Data protection summary → https://airparser.com/data-protection/

Extra details (for security reviewers)

• Data location: primary databases are in the United States (USA).

• Encryption: TLS 1.2+ in transit; AES-256 at rest (including encrypted Amazon S3 for object storage).

• Providers: we rely on trusted cloud providers (e.g., Google Cloud Platform, DigitalOcean) and a small set of vetted subprocessors (Amazon S3, Crisp, Microsoft, MongoDB Atlas, Stripe, OpenAI/Anthropic, etc.).

• Monitoring & logging: centralized logs and 24/7 monitoring; customer-visible activity is summarized in product history where applicable.

• Retention & deletion: configurable retention (1–180 days) plus on-demand deletion.

• Development practices: peer reviews, automated testing, dependency/security scanning as part of CI/CD.

• Incident response: documented runbooks, escalation procedures, and notification commitments aligned with GDPR.

For the authoritative version of any statement above, please refer to our website docs:

• https://airparser.com/data-protection/

• https://airparser.com/security/

• https://airparser.com/privacy/

• https://airparser.com/gdpr/

• https://airparser.com/dpa/

Contact

If you have any questions, please email security@airparser.com.