Compliance & Trust

Our commitment to security protocols, data privacy, and industry standards.

PCI DSS Compliance: Compliant (SAQ A)

We maintain strict payment security standards to ensure your financial data is never at risk.

  • Secure Processing: We utilize PayPal for all transactions. Our servers never touch your credit card numbers (PAN).
  • Isolation: Payment fields are rendered in secure, isolated iFrames directly from the payment provider.
  • No Storage: We do not store, transmit, or process sensitive cardholder data on our infrastructure.

GDPR & CCPA: Compliant

We respect your data privacy rights and collect the absolute minimum data required.

  • Right to be Forgotten: You can permanently delete your account and data via our automated self-service portal.
  • Minimal Collection: We only store your email for license delivery and essential communication.
  • Explicit Consent: We require active opt-in for all data processing activities.

Appliance Security: Zero Egress

Our "Zero Egress" architecture ensures your cloud data never leaves your environment.

  • Local Processing: All analysis happens locally on your machine. No cloud metadata is ever sent to AIPrunr servers.
  • Read-Only Access: The appliance strictly uses Read-Only APIs (e.g., `ec2:DescribeInstances`). It cannot modify your infrastructure.
  • Local Encryption: Your cloud credentials are stored in a locally encrypted database on your server (AES-256).

Trust & Verification: Auditable

We believe in "Radical Transparency". You can verify our security claims yourself.

  • Firewall Friendly: You can block all outbound traffic from the appliance except for `*.amazonaws.com` (or your specific cloud provider). It does not "phone home".
  • Packet Inspection: We encourage running Wireshark/tcpdump to confirm no data exfiltration occurs.
  • Open Tech Stack: Built on industry-standard open source technologies: Docker, PostgreSQL 15, and Node.js (LTS).
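
One way to run the check that the Firewall Friendly and Packet Inspection items describe, as an added example that is not AIPrunr's own code: it compares destination hostnames taken from a capture (DNS query names or TLS SNI values) with the `*.amazonaws.com` allowlist and reports anything else. The function names and the sample hostnames are assumptions constructed for illustration.

```python
"""Flag outbound destinations that fall outside an egress allowlist."""

# Allowlist pattern from the page; replace with your cloud provider's domains.
ALLOWED_PATTERNS = ["*.amazonaws.com"]


def normalize(host):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.strip().lower().rstrip(".")


def is_allowed(host, patterns=ALLOWED_PATTERNS):
    host = normalize(host)
    for pattern in patterns:
        pattern = normalize(pattern)
        if pattern.startswith("*."):
            suffix = pattern[1:]  # e.g. ".amazonaws.com", leading dot kept
            # Keeping the dot forces a label boundary, so "notamazonaws.com"
            # and "amazonaws.com.example.net" do not pass as matches.
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False


def unexpected_destinations(observed):
    """Return the sorted, de-duplicated hostnames the allowlist does not cover."""
    return sorted({normalize(h) for h in observed if not is_allowed(h)})


# Constructed sample: hostnames as they might be pulled from a packet capture.
OBSERVED = [
    "ec2.us-east-1.amazonaws.com",
    "STS.amazonaws.com.",
    "telemetry.example.net",
    "amazonaws.com.example.net",
    "notamazonaws.com",
]

if __name__ == "__main__":
    for host in unexpected_destinations(OBSERVED):
        print("unexpected egress destination:", host)
```

Connections made straight to an IP address carry no hostname, so review the destination IPs in the same capture alongside this check.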

Need a formal security review?

Contact Security Team