Data Protection

We appreciate your confidence and work hard to keep your information secure.

Security at Airparser

At Airparser, keeping your data safe is our top priority. We protect the confidentiality, integrity, and availability of your information with layered technical and organizational controls.

Here are some examples of security measures we implement at Airparser (non-exhaustive list).

AI and data use

We never train or enhance our AI or LLM models with your data, and we never sell it. Your data remains exclusively yours.

Data security and integrity

We apply multiple safeguards to protect data in transit, at rest, and during processing.

  • All communications are encrypted using HTTPS with TLS (TLS 1.2+). We use valid digital certificates for secure web and API traffic.
  • Data at rest is encrypted with AES-256 and stored in encrypted Amazon S3 buckets.
  • Passwords are stored using modern one-way hashing (e.g., bcrypt). We never have access to your actual password.
  • We don’t store credit card details. Payments are handled by Stripe, a PCI DSS compliant provider.
  • Access is protected by firewalls, strict network segmentation, and continuous monitoring.
  • Operating systems and dependencies are hardened and patched regularly.

Cloud security

Airparser relies on trusted cloud providers with robust security and compliance controls for data center physical security and cloud infrastructure.

  • Google Cloud Platform and DigitalOcean host our compute and networking workloads.
  • Amazon S3 is used for encrypted object storage.
  • We leverage provider features such as encrypted storage, key management, access logging, and fine-grained IAM.

Availability and resilience

We design for uptime, scalability, and business continuity.

  • Distributed cloud databases and services for horizontal scalability and fault tolerance.
  • Automated, regular backups stored securely to minimize risk of data loss.
  • 24/7 infrastructure monitoring with real-time alerting.
  • Documented disaster recovery procedures and periodic drills.

Downtime and scheduled maintenance

We use CI/CD and auto-scaling infrastructure to deploy changes safely and adjust capacity without service interruption.

  • Blue/green and rolling deployments to reduce risk.
  • A publicly available Status page provides real-time availability and incident updates.

Monitoring and logging

We maintain detailed logs to support security, reliability, and customer support.

  • Comprehensive internal audit logs for authentication, access, and system actions.
  • Application activity is summarized for users in the Document history tab for transparency.
  • Centralized log aggregation and alerts help us detect and investigate anomalies quickly.

You own your data

All documents, emails, and extracted data you process with Airparser are yours.

  • For parsing services, you are the Data Controller and Airparser acts as your Data Processor, processing data only on your instructions.
  • You can delete documents, schemas, or your entire account at any time. Data is removed from active systems immediately and from backups/logs within defined retention windows.
  • Configurable retention policies let you automatically delete data between 1 and 180 days to meet your legal or business requirements.

Privacy and confidentiality

We respect your privacy and limit access to your information.

  • We never sell, rent, or share your data without your consent.
  • Access to customer data is restricted by least privilege and audited regularly.
  • All employees complete security and privacy training and are bound by confidentiality obligations.

Compliance

Our practices align with leading frameworks and regulations.

  • Compliant with GDPR; Data Processing Agreements (DPAs) are available.
  • International data transfers are protected using Standard Contractual Clauses (SCCs), where applicable.
  • We leverage cloud providers that maintain widely recognized certifications (e.g., ISO 27001, SOC 2).

Secure development & code management

Security is built into our software development lifecycle.

  • Every feature, update, and fix undergoes peer review before release.
  • Regular code audits, unit/integration tests, and automated pipelines guard against regressions and vulnerabilities.
  • Static and dependency scanning help us identify and remediate issues quickly.

Data minimization

We collect and store only the information that is essential to deliver and improve our services. We avoid retaining data longer than necessary.

Incident response

We have documented incident response and escalation procedures.

  • Continuous monitoring helps us detect unusual activity.
  • If a breach occurs, affected users and relevant authorities will be notified within 72 hours, where required by law.

Trusted subprocessors

We carefully select subprocessors that meet our security and privacy standards and limit their access to what is strictly necessary.

  • Amazon S3 — Data storage
  • Anthropic — AI services
  • Crisp — Customer support
  • DigitalOcean — Cloud infrastructure
  • Google Cloud Platform — Cloud services
  • Microsoft — Cloud computing
  • MongoDB Atlas — Database infrastructure
  • OpenAI — AI services
  • Stripe — Payment processing

Questions?

Security is at the heart of everything we do. If you have any questions or need more details, contact us at [email protected].