At our company, protecting your data is our highest priority. We implement industry‑leading security measures to ensure the confidentiality, integrity, and availability of all information processed through our AI voice agent platform. Below is an overview of our security posture and compliance certifications.
Data Security Standards
Encryption
TLS 1.3 for data in transit • 256-bit AES for data at rest
Data Hosting
Secure cloud infrastructure with 99.99% uptime SLA
Vulnerability Management
Regular penetration testing & security audits
Access Controls
Role‑based access & multi‑factor authentication
Compliance & Certifications
- GDPR (EU General Data Protection Regulation): Fully compliant. We offer Data Processing Agreements (DPAs) incorporating EU Standard Contractual Clauses (SCCs) for international data transfers.
- PCI DSS (Payment Card Industry Data Security Standard): Our infrastructure is PCI DSS Level 1 certified. We do not store full payment card data; all payments are processed through the hotel's PMS.
- UAE Data Protection Laws: We adhere to all applicable UAE regulations.
- ISO 27001 (Information Security Management): We align our security practices with ISO 27001 standards and are undergoing formal certification.
Data Processing & Subprocessors
We use carefully vetted subprocessors to deliver our Service. Current subprocessors include:
- Mail2w.com (Email Infrastructure): Permanent email delivery for hotel guests.
- Google Cloud Platform (Cloud Hosting): Secure, scalable infrastructure.
- Google Analytics (Website Analytics): Anonymized usage statistics.
Data Retention & Deletion
We retain personal data only as long as necessary to fulfill the purposes for which it was collected. For Guests, permanent email addresses remain active indefinitely unless deletion is requested. You may request deletion of your data at any time.
Security Incident Response
We maintain a formal incident response plan. In the event of a data breach affecting your personal data, we will notify affected individuals and relevant authorities as required by applicable law (e.g., within 72 hours under GDPR).
Contact Our Security Team
If you have a security concern or wish to report a vulnerability, please contact our Data Protection Officer (DPO) at security@aimaxy.net.