Data security

DATA SECURITY POLICY

Effective Date: August 1, 2025
Last Updated: August 1, 2025

1. Our Commitment to Data Security

At Aixpress, we understand that you entrust us with valuable information when you use our AI tools and services. This Data Security Policy outlines the comprehensive measures we take to protect your data from unauthorized access, use, or disclosure.

We employ industry-leading security practices and continuously update our protections to address emerging threats, particularly those unique to AI platforms.

2. Information We Protect

2.1 Types of Data We Secure

Customer Data

  • Account information and login credentials
  • Payment and billing information
  • AI-generated content and outputs
  • Uploaded files and training data
  • Usage logs and preferences

Business Data

  • Proprietary AI models and algorithms
  • Internal systems and infrastructure
  • Business records and communications
  • Third-party confidential information

2.2 How We Classify Data

We categorize all data based on sensitivity level to ensure appropriate protection:

  • Highly Sensitive: Payment data, passwords, biometric information
  • Sensitive: Personal information, AI-generated content, business contracts
  • Internal: Non-public business information

3. Security Measures We Implement

3.1 Technical Protections

Encryption

  • All sensitive data is encrypted at rest using AES-256 encryption
  • Data in transit is protected with TLS 1.3 or higher
  • End-to-end encryption for AI model transfers
  • Secure key management systems

Access Controls

  • Multi-factor authentication (MFA) required for all accounts
  • Role-based permissions with least-privilege access
  • Regular access reviews and updates
  • Automated session timeouts

Network Security

  • Advanced firewalls and intrusion detection systems
  • DDoS protection at all network entry points
  • Network segmentation to isolate sensitive systems
  • 24/7 security monitoring

3.2 Physical Security

Data Center Protection

  • 24/7 physical security monitoring
  • Biometric access controls
  • Environmental monitoring and redundant systems
  • Secure disposal of physical media

Device Security

  • Encrypted company devices
  • Remote wipe capabilities
  • Mobile device management
  • Automatic security updates

3.3 Operational Security

Employee Training

  • Mandatory security awareness training for all staff
  • Regular phishing simulations
  • Role-specific security education
  • Annual security certification requirements

Vendor Management

  • Security assessments for all third-party providers
  • Contractual security requirements
  • Regular vendor audits
  • Continuous monitoring of critical vendors

4. AI-Specific Security Measures

4.1 Model Protection

  • Secure model storage and versioning
  • Protection against model extraction attacks
  • Adversarial input detection
  • Regular security testing of AI systems

4.2 Data Processing Security

  • Isolated processing environments
  • Automatic data deletion after processing
  • Anonymization techniques where applicable
  • Audit logs for all AI operations

4.3 Content Security

  • AI-generated content watermarking
  • Abuse detection systems
  • Content authenticity verification
  • Ethical use monitoring

5. Incident Response

5.1 Our Response Process

If a security incident occurs, we:

  • Immediately contain the incident to prevent further impact
  • Investigate to understand scope and cause
  • Notify affected users and authorities as required by law
  • Remediate vulnerabilities and strengthen controls
  • Review and improve our security measures

5.2 Notification Commitments

  • Regulatory notifications within 72 hours where required
  • User notifications as soon as investigation permits
  • Clear communication about impact and protective measures
  • Support for affected users

6. Your Security Responsibilities

6.1 Account Security

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Keep login credentials confidential
  • Report suspicious activity immediately

6.2 Data Handling

  • Only upload data you have rights to use
  • Follow our acceptable use policies
  • Maintain security of downloaded content
  • Respect intellectual property rights

7. Compliance and Certifications

7.1 Regulatory Compliance

We maintain compliance with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Relevant AI and data protection regulations globally

7.2 Security Audits

  • Annual third-party security assessments
  • Quarterly internal security reviews
  • Continuous vulnerability scanning
  • Penetration testing by certified professionals

8. Data Retention and Deletion

8.1 Retention Periods

  • Customer data: Retained while account is active plus legal requirements
  • AI-generated content: 90 days unless saved by user
  • Security logs: 2 years for incident investigation
  • Payment records: 7 years for tax compliance

8.2 Secure Deletion

  • Multi-pass overwriting for digital media
  • Physical destruction of hardware
  • Certificate of destruction provided when requested
  • Verification of third-party deletion

9. International Data Transfers

When we transfer data internationally, we ensure protection through:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Binding Corporate Rules where applicable
  • Encryption during all transfers

10. Transparency and Accountability

10.1 Security Updates

We provide:

  • Annual transparency reports on security metrics
  • Prompt notification of material security changes
  • Regular security tips and best practices
  • Clear communication during incidents

10.2 Your Rights

You can:

  • Request information about our security practices
  • Report security concerns
  • Access security logs related to your account
  • Request additional security measures for sensitive operations

11. Third-Party Security

11.1 Our Requirements

All third parties handling data must:

  • Meet or exceed our security standards
  • Sign data protection agreements
  • Submit to security audits
  • Maintain appropriate insurance

11.2 Subprocessor List

We maintain a current list of subprocessors on our website, including:

  • Cloud infrastructure providers
  • Payment processors
  • Analytics services
  • Support tools

12. Updates to This Policy

We may update this policy to reflect:

  • Changes in our security practices
  • New legal requirements
  • Emerging security threats
  • Feedback from our users

When we make material changes, we will:

  • Post a notice on our website
  • Send email notifications to registered users
  • Provide a summary of key changes
  • Allow time for review before changes take effect

13. Questions?

If you have questions about our security practices or this policy, please contact us at info@aixpress.com. We’re committed to transparency and will respond to all inquiries promptly.

By using Aixpress services, you acknowledge that you have read and understood our security practices as described in this policy.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.