Trust at AIVZ.
The security, privacy, and data-handling practices that govern how AIVZ operates on your behalf — and on your customers' behalf. Honest about what's in place today and what's on the roadmap.
What AIVZ commits to.
The plain-language version of how AIVZ thinks about trust. The detailed artifacts — privacy policy, security overview, subprocessor list, terms of service — are linked below.
We minimize the data we collect.
AIVZ scans publicly accessible URLs and ingests the responses. We don't request access to your customer database, your CRM, or any system not explicitly required for the integration you've enabled.
We're transparent about who processes data.
A current subprocessor list lives at /subprocessors — every third-party service we use to deliver AIVZ, what data they process, and where they're located. Updated when the list changes.
We don't sell customer data. Ever.
AIVZ's revenue model is subscription. We don't have a secondary data-monetization revenue line and we never will.
We support customer data rights.
GDPR, CCPA, and equivalent regional regulations. Request access, export, or deletion through the contact form or by emailing the security team.
We're honest about what we haven't done yet.
AIVZ is a startup. SOC 2 Type II audit is on the roadmap, not in hand. ISO 27001 is on the roadmap. The security posture published today is honest about what's standard practice and what's audited.
The full trust posture, by artifact.
Each card links to a detailed page or downloadable artifact. This is the routing layer for procurement teams, security reviewers, and customers who want the source documents.
Privacy
What data AIVZ collects, why, how long it's retained, with whom it's shared, and how customers can exercise data rights.
Read the policy
Security
Architecture, encryption in transit and at rest, authentication, access controls, incident response posture, and certification state.
Read the overview
Terms
The contractual terms governing use of AIVZ — acceptable use, service-level expectations, liability, and dispute resolution.
Read the terms
Subprocessors
Every third-party service that processes customer data on AIVZ's behalf — with location, data class, and processing scope.
View the list
DPA
The Data Processing Agreement available to enterprise and agency customers handling EU/UK personal data subject to GDPR.
Request via email
Subprocessor notifications
Subscribe to advance email notice when AIVZ adds, removes, or materially changes a subprocessor.
Subscribe
Security reports
Customers under NDA can request the most recent penetration test summary. Public attestation reports are not yet available.
Request under NDA
Responsible disclosure
The process for security researchers to disclose vulnerabilities. Public security contact, published response SLAs.
Read the process
Where AIVZ stands today.
An honest view of which assurance artifacts are in place, which are on the roadmap, and which are out of scope for AIVZ's current offering.
| Artifact | Current state |
|---|---|
| GDPR compliance | In place — see /privacy |
| CCPA compliance | In place — see /privacy |
| SOC 2 Type I | In progress |
| SOC 2 Type II | Roadmap |
| ISO 27001 | Roadmap |
| HIPAA | Not in scope — AIVZ doesn't process PHI in standard configurations |
| FedRAMP | Not in scope |
| PCI-DSS | Not in scope — payment processing handled by subprocessors |
| Annual penetration test | In progress |
| Bug bounty program | Roadmap |
Reach the security team.
For security questions, vulnerability disclosures, security-review requests, or DPA requests.
[email protected]
Response SLA: acknowledgement within 1 business day; substantive response within 5 business days.