Compliance & Trust

Our commitment to security protocols, data privacy, and industry standards.

PCI DSS Compliance: Compliant (SAQ A)

We maintain strict payment security standards to ensure your financial data is never at risk.

  • Secure Processing: We utilize PayPal for all transactions. Our servers never touch your credit card numbers (PAN).
  • Isolation: Payment fields are rendered in secure, isolated iframes served directly by the payment provider.
  • No Storage: We do not store, transmit, or process sensitive cardholder data on our infrastructure.

ISO 27001 Readiness: Audit Ready

AIPrunr is architected to accelerate your ISO 27001 Information Security Management System (ISMS) audits.

  • Standard Alignment: Our architecture maps directly to Annex A controls (A.12 Operations Security, A.13 Communications Security).
  • Zero Egress Assurance: Because data never leaves your network, the appliance fundamentally satisfies data sovereignty and transmission protection requirements.
  • Audit Trails: Comprehensive local logging provides the evidentiary support needed for external auditors without exposing sensitive data.

SOC 2 Type II Readiness: In Prep

We are committed to the Trust Services Criteria of Security, Availability, and Confidentiality.

  • Standardized Controls: Our internal policies and development lifecycles are mapped against the SOC 2 framework.
  • Continuous Monitoring: We leverage automated compliance platforms to ensure our security controls are operating effectively 24/7.
  • Confidentiality by Design: AIPrunr's agentless model ensures customer data processing is isolated, streamlining your third-party risk assessments.

GDPR & CCPA: Compliant

We respect your data privacy rights and collect the absolute minimum data required.

  • Right to be Forgotten: You can permanently delete your account and data via our automated self-service portal.
  • Minimal Collection: We only store your email for license delivery and essential communication.
  • Explicit Consent: We require active opt-in for all data processing activities.

Public Sector Readiness: FedRAMP Ready

AIPrunr supports the stringent requirements of Federal, State, and Defense agencies.

  • FedRAMP Friendly: Our "Zero Egress" model simplifies the security boundary, often qualifying for LI-SaaS or falling under agency-led FISMA ATOs.
  • NIST 800-53/171: Architecture is mapped to NIST 800-53 Moderate controls, ensuring rapid adoption for civilian and defense agencies.
  • Section 508: Committed to digital accessibility standards to ensure equal access for all government employees.

Appliance Security: Zero Egress

Our "Zero Egress" architecture ensures your cloud data never leaves your environment.

  • Local Processing: All analysis happens locally on your machine. No cloud metadata is ever sent to AIPrunr servers.
  • Read-Only Access: The appliance strictly uses Read-Only APIs (e.g., `ec2:DescribeInstances`). It cannot modify your infrastructure.
  • Local Encryption: Your cloud credentials are stored in a locally encrypted database on your server (AES-256).

Trust & Verification: Auditable

We believe in "Radical Transparency". You can verify our security claims yourself.

  • Firewall Friendly: You can block all outbound traffic from the appliance except for `*.amazonaws.com` (or your specific cloud provider). It does not "phone home".
  • Packet Inspection: We encourage running Wireshark/tcpdump to confirm no data exfiltration occurs.
  • Open Tech Stack: Built on industry-standard open source technologies: Docker, PostgreSQL 15, and Node.js (LTS).
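The verification the two bullets above invite (block everything but `*.amazonaws.com`, then capture traffic and confirm nothing else leaves) can be turned into a repeatable check. The following is an added example written for this page, not AIPrunr's own code or tooling. It assumes a connection log in a simple constructed "timestamp destination port" format (for instance exported from an egress proxy, or assembled from a tcpdump capture after resolving destinations) and audits it against the hostname allowlist. Two details matter in practice: the suffix match is done on DNS label boundaries so that a look-alike such as `evilamazonaws.com` does not pass, and bare IP destinations are reported separately, because a packet filter only sees IPs and a hostname wildcard like `*.amazonaws.com` can only be enforced by a DNS- or SNI-aware filter or proxy. All destinations in the sample are constructed, not captured traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Tuple

# Allowed egress destinations, mirroring the page's `*.amazonaws.com` rule.
ALLOWED_SUFFIXES: Tuple[str, ...] = ("amazonaws.com",)

# Constructed sample log (not real captured traffic): "timestamp destination port".
SAMPLE_LOG = """\
2024-01-01T10:00:00Z ec2.us-east-1.amazonaws.com 443
2024-01-01T10:00:01Z sts.amazonaws.com 443
2024-01-01T10:00:02Z evilamazonaws.com 443
2024-01-01T10:00:03Z 203.0.113.10 443
2024-01-01T10:00:04Z telemetry.example.net 443
2024-01-01T10:00:05Z S3.EU-WEST-1.AMAZONAWS.COM. 443
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    destination: str
    port: int
    reason: str


def host_allowed(host: str, suffixes: Tuple[str, ...] = ALLOWED_SUFFIXES) -> bool:
    """True if host is an allowed domain or one of its subdomains.

    Matching is done on label boundaries: 'evilamazonaws.com' must not match
    'amazonaws.com'. Hostnames are case-insensitive, and a trailing dot
    (FQDN form, as some resolvers and tools print it) is ignored.
    """
    h = host.rstrip(".").lower()
    for s in suffixes:
        s = s.rstrip(".").lower()
        if h == s or h.endswith("." + s):
            return True
    return False


def is_ip_literal(dst: str) -> bool:
    """True if the destination is a raw IPv4/IPv6 address rather than a name."""
    try:
        ip_address(dst)
        return True
    except ValueError:
        return False


def audit_egress(log_text: str, suffixes: Tuple[str, ...] = ALLOWED_SUFFIXES) -> List[Finding]:
    """Return every connection that the hostname allowlist does not vouch for."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, dst, port_str = line.split()
        port = int(port_str)
        if is_ip_literal(dst):
            # A hostname allowlist says nothing about a bare IP; the auditor
            # should resolve it (for example against the provider's published
            # IP ranges) before accepting it.
            findings.append(Finding(ts, dst, port, "ip literal, not covered by hostname allowlist"))
        elif not host_allowed(dst, suffixes):
            findings.append(Finding(ts, dst, port, "destination outside allowlist"))
    return findings


if __name__ == "__main__":
    for f in audit_egress(SAMPLE_LOG):
        print(f"{f.timestamp} {f.destination}:{f.port} -> {f.reason}")
```

Run against the sample, the audit reports three connections: the look-alike domain, the bare IP, and the unrelated telemetry host; the mixed-case FQDN for S3 is correctly accepted. An empty result on a real capture is the evidence the "Firewall Friendly" and "Packet Inspection" bullets ask you to collect.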

Need a formal security review?

Contact Security Team