Security Policy
Effective Date: June 2025
Overview
At AI WorkPhoto, safeguarding customer information is our highest priority. This Security Policy details the organizational and technical measures we implement to prevent unauthorized access, modification, or disclosure of customer data. AI WorkPhoto operates using Amazon Web Services (AWS), Vercel, and Stripe platforms. We recommend reviewing our Terms of Service and Privacy Policy for comprehensive information.
Security Team
Our security specialists include seasoned professionals with proven experience in designing, developing, and maintaining secure, internet-facing applications across both emerging companies and established enterprises.
Security Best Practices
Incident Management
- Documented formal protocols for security events with thorough training for all personnel.
- Rapid escalation, team mobilization, and response to security incidents.
- Comprehensive post-incident analyses conducted after each event, reviewed internally and shared with relevant teams.
- Immediate written communication to affected customers upon confirming any security breach, outlining the incident and investigation status.
Deployment Automation
- Completely automated deployment workflows enabling secure and dependable updates within minutes.
- Multiple daily releases facilitate swift deployment of critical security updates.
Access Control
- Required multi-factor authentication (MFA) and robust password requirements enforced across GitHub, AWS, Vercel, and Stripe.
Infrastructure Protection
- Fully cloud-native operations; AI WorkPhoto does not maintain physical servers or hardware infrastructure.
- Customer information and services hosted and secured by AWS, Vercel, and Stripe security frameworks.
- Comprehensive disaster recovery protocols, including complete backups for all customer information.
System Monitoring
- Continuous monitoring using Sentry to quickly detect and address issues.
- Complete logging of all access to AI WorkPhoto applications and production environments.
Information Management
- Data hosted within AWS facilities and through Vercel (powered by AWS).
- Customer information stored securely in isolated environments, with strict logical separation maintained by application-level security controls.
- Systems processing customer data are securely configured following industry-standard security and hardening practices.
- Utilization of trusted subprocessors (AWS, Vercel, Stripe) to assist in securely handling customer data.
Data Transmission
- All services delivered over HTTPS.
- Encryption of all data transmissions using industry-standard TLS/SSL protocols with 256-bit encryption.
- Confidential data encrypted using AES-256 encryption standards.
Payment Security
- All financial transactions processed securely through Stripe.
Customer Responsibilities
- Secure management of user accounts and organizational information.
- Protection of user credentials and access through secure email practices.
- Compliance with the AI WorkPhoto Terms of Service and applicable regulations.
- Prompt notification to AI WorkPhoto regarding compromised credentials or suspected security incidents.
- Security penetration testing or evaluations require explicit advance written authorization from AI WorkPhoto.
Data Retention and Deletion
We implement strict data retention policies to minimize data exposure:
- Uploaded Photos: Automatically deleted within 7 days of processing completion
- Generated Headshots: Available for download for 30 days, then permanently deleted
- Account Data: Retained until account deletion is requested
- Payment Information: Handled exclusively by Stripe and never stored on our servers
Compliance and Certifications
AI WorkPhoto maintains compliance with:
- Australian Privacy Principles (APPs) under the Privacy Act 1988
- General Data Protection Regulation (GDPR) for European users
- Industry-standard security frameworks and best practices
- SOC 2 Type II compliance through our cloud infrastructure providers
Security Contact
For security-related inquiries, vulnerability reports, or incident notifications, contact us at:
support@aiworkphoto.com
We respond to all security-related communications within 24 hours and take all reports seriously.
This security policy demonstrates our commitment to protecting your data and maintaining the highest security standards for AI WorkPhoto.