AffixIOAFFIXIO
Contact

Security Trust Center

What security and procurement teams typically review before adopting AffixIO as the truth layer: verification for AI and APIs, architecture, controls, compliance alignment, and how to report issues.

TRUTH LAYER AI VERIFICATION TLS 1.2+ STATELESS VERIFIER SIGNED PROOFS NO PII AT VERIFIER PQC READY GDPR ALIGNED
Encryption in transit All public API and dashboard traffic uses TLS 1.2 or higher with modern cipher suites.
Encryption at rest Operational stores, backups, and configuration data are encrypted at rest in production.
Stateless verification Default architecture avoids creating a standing identity profile cache at the verifier.
Signed yes/no outcomes Verdicts can include cryptographic proofs for audit, replay checks, and downstream validation.
Access control Scoped API keys, role-based dashboard access, MFA for admin paths, and least-privilege operations.
Incident response Documented detection, containment, recovery, and customer notification aligned to DPA timelines.

Security controls at a glance

Control area AffixIO approach
Identity and access Scoped API credentials, RBAC where enabled, MFA for administrative access, periodic access reviews.
Application security Secure SDLC, dependency monitoring, input validation, rate limiting, and periodic penetration testing.
Network security Segmented production networks, private data paths, edge DDoS mitigation, no public admin interfaces.
Data minimisation Verifier boundary designed for yes/no decisions without retaining underlying PII by default.
Logging and audit Immutable admin audit trails, security event logging, and configurable proof metadata retention.
Business continuity Encrypted backups, tested restore procedures, multi-zone deployment where supported.

Compliance and assurance

AffixIO supports enterprise due diligence with privacy and security documentation, including Privacy Policy, Terms, Acceptable Use, and detailed Security documentation. Controls are aligned with common expectations under GDPR/UK GDPR, and practices mapped to SOC 2 and ISO 27001 style control families where applicable.

Responsible disclosure

If you believe you have found a security vulnerability, report it through our Contact Us page with subject line Security disclosure. Include clear reproduction steps and impact. Do not access customer data or disrupt production services.

Security researchers acting in good faith within these guidelines are welcome. Public disclosure should wait until remediation is in place.

security.txt

Machine-readable security contact metadata is published at /.well-known/security.txt for automated discovery by security tools and researchers.

Read full security documentation Procurement pack Evaluation guide Service status Privacy Policy Contact security team