Trust & Safety

Security

How we protect the systems and data entrusted to us.

1. Security Commitment

Security is foundational to everything we build at AhiLight. We design our systems with security-first principles, recognizing that our enterprise customers depend on us to protect sensitive business operations and data. We continuously invest in security research, tooling, and processes to stay ahead of emerging threats.

2. Infrastructure Security

Our platform is built on security best practices across all layers:

  • All data is encrypted in transit using TLS 1.3 and at rest using AES-256
  • Infrastructure is hosted in SOC 2-compliant data centers with physical security controls
  • Network segmentation and zero-trust architecture limit lateral movement
  • Regular penetration testing and vulnerability assessments by third-party firms
  • Automated security scanning integrated into our CI/CD pipeline

3. Operational Monitoring

We operate 24/7 security monitoring across our infrastructure and applications. Our security operations processes include:

  • Real-time anomaly detection and alerting for suspicious activity
  • Comprehensive audit logging with tamper-evident storage
  • Incident response procedures with defined escalation paths
  • Regular disaster recovery drills and business continuity testing

4. Responsible Disclosure

We encourage responsible disclosure of security vulnerabilities. If you discover a potential security issue in our systems, please report it to us before making it public. We commit to:

  • Acknowledging your report within 48 hours
  • Providing regular updates on our investigation and remediation progress
  • Working with you to understand and resolve the issue promptly
  • Not pursuing legal action against good-faith security researchers

Report vulnerabilities to contact.ahilight@gmail.com. Please include a detailed description of the vulnerability and steps to reproduce it.

5. Security Best Practices

We recommend the following for customers using our platform:

  • Enable multi-factor authentication (MFA) on all accounts
  • Use strong, unique passwords and a password manager
  • Regularly review and rotate API keys and access credentials
  • Apply the principle of least privilege when configuring user roles
  • Keep integrations and connected systems up to date with security patches

6. Continuous Improvement

Security is not a destination but an ongoing commitment. We regularly review and improve our security posture through internal audits, third-party assessments, and staying current with industry best practices and threat intelligence. We publish security advisories when significant issues are identified and resolved.

For security-related questions or concerns, contact our security team at contact.ahilight@gmail.com.