logo
LoginGet Started
Legal

Trust Security

Welcome to AIRA, where we prioritise your trust and ensure the highest standards of security for your automation journey. As you explore our platform, rest assured that your data, privacy, and overall online experience are at the forefront of our considerations.

Last Modified: 07 June , 2024

Secure your automation journey with AIRA Security:
At AIRA, each product is meticulously designed and developed with a focus on security. Our commitment is evident in our development lifecycle, where automated security scans and red team-style penetration tests are conducted on every build. To further bolster confidence, we submit our releases to independent third-party reviews by Veracode, ensuring that our security is not just trusted but certified.
Privacy at AIRA:
Privacy is a fundamental aspect of our business. We adhere to the Data Protection Regulation, one of the strictest privacy standards, across all our products. Our commitment to GDPR compliance is reflected in AIRA’s intercompany agreements and our global privacy policy, available here. With a dedicated team focused on privacy compliance, we conduct internal privacy assessments before releasing new products and services.
For your convenience, AIRA offers both on-premise and cloud software, allowing you to choose the solution that aligns with your privacy compliance needs. Opt for the AIRA RPA Platform fully on your infrastructure, keeping your data within your environment.
Compliance:
Compliance is a serious commitment at AIRA. We integrate compliance into our processes and encourage our employees and partners to act in accordance with applicable legislation and the AIRA Code of Conduct.
Data Encryption:
AIRA employs top-tier encryption solutions to secure customer data and communications, utilizing the industry-standard AES-256 encryption algorithm and the Transport Layer Security (TLS) v1.2 protocol.
Encryption in Transit:
All interactions with AIRA interface (UI) and APIs are protected by industry-standard HTTPS/TLS protocols, ensuring encryption (TLS 1.2 or higher) across public networks for secure data transmission. For email communications, our product defaults to opportunistic TLS, encrypting and securely delivering emails to prevent eavesdropping between mail servers that support this protocol.
User Authentication:
Users access AIRA only with a valid username and password combination, which is encrypted via TLS while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Application Security:
Our robust application security model prevser sessions. AIRA uses various security tools to verify security best practices throughout the software development lifecycle (SDLC) with agile scrum.
Internal Systems Security:
Inside of the perimeter firewalls, the systems are safeguarded by network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, and more. The specific details of these features are proprietary.
Operating System Security:
AIRA enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords, and two-factor authentication. All operating systems are maintained at each vendor’s recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Database Security:
Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database. All database volumes are encrypted.
Server Management Security:
All data entered into the AIRA application by a customer is owned by that customer. AIRA's employees do not have direct access to the AIRA production environments, except where necessary for system management, maintenance, monitoring, and backups.
Security Development (SDLC):
  1. Secure Code Training:
    1. Regarding our Software Development Policy AIRA performs an Annual secure code training for all engineers, based on OWASP Top 10 security risks.
  2. Framework Security Controls:
    1. ARIA leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.
  3. Quality Assurance:
    1. Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
  4. Separate Environments:
    1. Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments.
  5. Vulnerability Management:
    1. AIRA conducts annual penetration tests to identify and address potential vulnerabilities, reinforcing our commitment to maintaining a secure platform. you can access our Annual Penetration Test Summary on request.
Trust and Security:
At AIRA, we value your trust and take the security of your information seriously. Here are the key aspects of our approach to trust and security:
  1. Data Protection and Privacy:
    1. Adherence to all applicable data protection and privacy laws.
    2. Detailed privacy policy outlining data collection, usage, and protection.
  2. Secure Transactions:
    Industry-standard encryption protocols (SSL) for secure online transactions.
  3. Account Security:
    1. Prioritising the security of your account with strong password recommendations.
    2. Optional multi-factor authentication for an additional layer of protection.
  4. Regular Security Audits:
    Conducting frequent security audits to identify and address potential vulnerabilities.
  5. Phishing and Scam Prevention:
    1. A commitment to never request sensitive information via unsolicited means.
    2. Encouragement to report suspicious activities to our support team.
  6. Responsible Bug Reporting:
    Welcoming users to responsibly disclose security vulnerabilities for continuous improvement.
  7. Child Safety:
    Compliance with child protection laws and a commitment not to knowingly collect personal information from minors without appropriate consent.
For a comprehensive understanding of our commitment to trust and security, please review our detailed Terms of use and Privacy Policy. If you have any questions or concerns, our support team is here to assist you. Contact us at connect@aira.fr.