Security Policy

At Autirra, we take the security and confidentiality of your data seriously. This Security Policy describes the technical and organizational measures we apply to protect documents and information processed through our AI-powered document extraction platform.

Scope

This policy applies to all users of the Autirra platform and covers data uploaded by customers (such as PDFs, Excel, CSV files and text prompts), metadata generated by the system, and internal administrative accounts used to operate the Service.

Infrastructure & Data Hosting

Autirra is hosted on reputable cloud infrastructure providers with strong industry security practices.

Data is stored and processed in secure data centers with physical access controls, network protection and monitored environments.

We leverage managed services (e.g. storage, databases, logging) to reduce the operational risk of self-managed infrastructure.

Access Management

Access to production systems and customer data is restricted to a small number of authorized personnel and granted on a least-privilege basis.

Strong authentication and role-based access controls (RBAC) are used wherever possible.

Access permissions are reviewed periodically, and access is revoked when it is no longer required (e.g. role changes, offboarding).

Data Protection & Confidentiality

Customer documents and extracted data are treated as confidential. We do not sell or share this data with third parties for advertising or profiling.

Uploaded documents are used solely to provide and improve the Service (for example, generating structured output, logs or troubleshooting issues).

We recommend users avoid uploading documents that contain more personal data than necessary for the intended processing.

Encryption

Data in transit between your browser and our servers is protected using HTTPS (TLS).

Where supported by the underlying cloud provider, stored data (at rest) is encrypted using industry-standard encryption mechanisms.

Access credentials, API keys and other secrets are stored securely and are not hard-coded into application code.

Use of AI & Third-Party Processors

To provide AI-powered document understanding, Autirra may use trusted third-party AI providers to process text extracted from your documents.

When doing so, we transmit only the information necessary to perform the requested extraction or transformation.

We select third-party processors that maintain appropriate security practices and data protection commitments.

Logging, Monitoring & Threat Detection

We maintain technical logs for key events (such as system errors, authentication events and high-level usage metrics) to help detect abnormal behavior and to troubleshoot issues.

Automated monitoring is used to watch for service instability and unusual patterns that could indicate attacks or misuse.

Security-relevant dependencies are reviewed and updated on a regular basis to address known vulnerabilities.

Incident Response

If we become aware of a security incident that affects the confidentiality, integrity or availability of customer data, we will investigate promptly and work to contain and remediate the issue.

Where required by applicable law, and where we have your contact information, we will notify affected customers without undue delay and provide relevant information about the incident and recommended steps.

Data Retention & Deletion

Customer documents are retained only for as long as necessary to provide the Service, comply with legal obligations, or for limited diagnostic purposes (for example, investigating a support request).

Upon request and where technically feasible, we will delete or anonymize customer data in line with applicable legal requirements.

Aggregated or non-identifiable information may be retained for analytics, service improvement and reliability monitoring.

User Responsibilities

You are responsible for controlling who in your organization has access to your Autirra account and for maintaining strong, unique passwords.

You should ensure that the data you upload complies with your own legal and regulatory obligations, including data protection and confidentiality requirements.

We encourage you to avoid sharing account credentials and to enable additional security measures (such as password managers and internal access policies).

Policy Updates

We may update this Security Policy from time to time to reflect improvements in our security practices, changes in our infrastructure, or updates to applicable laws and regulations.

The latest version of this policy will always be available on our website. Continued use of the Service after changes are published constitutes acceptance of the updated policy.