SECURITY

Security and compliance.

How AI Hero's cloud is certified, how your deployment is isolated, what regulatory postures are available.

Our commitment to security.

Every AI Hero deployment is built and hosted by us — under SLA, inside a VPC dedicated to one customer, with SOC 2 controls applied at the platform level.

Below: the certifications we hold, the isolation model, the security, confidentiality, and availability commitments behind every engagement, and the policies that govern customer data.

Certifications.

SOC 2 Type 2.

AI Hero's cloud achieved SOC 2 Type 2 certification in October 2024. Every customer deployment ships with SOC 2 controls applied.

HIPAA.

Available on request for regulated workloads. BAAs in place with the providers underneath.

GDPR.

Available on request. Each deployment is pinned to a region; customer data does not cross regional boundaries.

Isolation by design.

VPC dedicated to you.

Every customer deployment runs inside its own private network, provisioned at onboarding and destroyed at offboarding.

No shared infrastructure.

Workloads in one customer's deployment cannot see, route to, or address workloads in another's.

Audited end-to-end.

Every change to a deployment is written to an audit log you can read.

Service commitments.

The commitments below apply to every customer deployment AI Hero hosts.

Security.

Access control.

Role-based access with least privilege. Authorization and configuration settings prevent users from reaching information outside their role.

Intrusion detection.

Network- and host-level monitoring on every deployment to prevent and identify attacks from outside the system boundary.

Vulnerability management.

Regular vulnerability scans across infrastructure and network. Penetration tests against the production environment.

Incident response.

Documented procedures for triage, containment, and notification. On-call rotation 24/7.

Encryption.

Customer data is encrypted at rest and in transit on every deployment.

Data retention and disposal.

Customer data is retained per contract and destroyed at offboarding using industry-standard secure-disposal procedures.

Uptime.

Production systems are monitored continuously against the SLA in your contract.

Confidentiality.

NDAs.

Confidentiality and non-disclosure agreements are in place with every employee, contractor, and third party that touches customer systems.

Encryption.

System data is encrypted at rest and in transit across every deployment we host.

Availability.

Monitoring.

Performance and availability are monitored across every deployment.

Support.

Customer requests are answered within the response times set in your SLA.

Business continuity and disaster recovery.

Documented BC/DR plans with defined RPOs, RTOs, roles, and responsibilities. Tested on a regular cadence.

Policies.

Read our Terms of Use, Privacy Policy, Cookie Policy, and Disclaimers.

Who hosts it.

AI Hero hosts every deployment as your sub-processor or managed service provider, depending on the engagement.

24/7 monitoring, on-call rotation, an SLA in writing. No customer team is on-call for software AI Hero built.

Questions?

Email team@aihero.studio. For DPAs, BAAs, or vendor security questionnaires, write to corp@aihero.studio.