Enterprise Security

Security & Compliance

Our security posture, compliance certifications, and trust commitments to keep your operations safe.

Infrastructure Security

SOC 2 Type II Certified

Built on Vercel and Supabase, both SOC 2 Type II certified infrastructure providers with industry-leading security practices.

End-to-End Encryption

Data encrypted at rest with AES-256 and in transit with TLS 1.3. Your data remains secure at every layer.

Global Edge Network

Deployed across 18+ edge regions with automatic failover, DDoS protection, and a 99.9% uptime SLA.

The Legal Firewall

Non-Custodial Architecture

We never store your banking credentials or API secrets in plaintext. Our architecture is designed with zero-knowledge principles:

  • OAuth 2.0 Tokens: We use scoped, revocable OAuth tokens instead of passwords. You can revoke access at any time.
  • Token Encryption: All API keys are encrypted using a rotating master key with AES-256 before database storage.
  • Minimal Scope: Tokens request only the minimum permissions required for your specific automation.
  • No Custody: AESL cannot access your accounts without your active, scoped authorization.

AI & Data Privacy

Zero-Training Policy

Your workflow data is NOT used to train our models. We take AI privacy seriously:

  • Enterprise Endpoints: We use enterprise-tier LLM providers with contractual zero-retention guarantees.
  • No Data Mining: Your automation logs, prompts, and outputs are never shared with AI vendors for training.
  • Ephemeral Processing: LLM requests are processed in real time and not stored by model providers.
  • Data Isolation: Each customer's data is logically isolated with row-level security policies.

Payment Security

PCI-DSS Compliant

All payment processing is handled through Stripe, a PCI-DSS Level 1 certified service provider. We never touch your card data.

Fraud Protection

Advanced fraud detection powered by Stripe Radar, with real-time machine learning models blocking suspicious transactions.

Vulnerability Reporting

Found a security issue? We take all reports seriously and respond within 24 hours. Responsible disclosure is rewarded.

[email protected]
SOC 2 Type II
PCI-DSS Level 1
GDPR Compliant