Security & Compliance

Information Security Policy

Last updated: April 2026

AI Survivors takes information security seriously. We apply the same measures we advise our clients to adopt, with no exceptions for internal use.

Infrastructure

All production systems run on infrastructure within the European Union:

  • European hosting (Germany) for production environments
  • Cloud storage and backups in an EU region with geo-redundancy
  • CDN with integrated DDoS protection

Encryption

Layer        Measure
In transit   TLS 1.2 or higher; certificates issued by Let's Encrypt and renewed automatically by cert-manager
At rest      AES-256 for stored data
Backups      Encrypted in transit to storage and at rest in storage (end-to-end)

Access Control

  • Multi-factor authentication required for all production environments
  • Least-privilege principle: each service has only the permissions it needs
  • Strict separation between development and production environments
  • Automatic mounting of Kubernetes service-account tokens into pods is disabled, so a compromised container does not receive API credentials it does not need
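The service-account setting the bullet above refers to, shown as an added example (not a manifest from AI Survivors' own environment; the namespace, names and image are illustrative assumptions). Disabling the mount on the ServiceAccount sets the default for every pod that uses it; the pod-level field takes precedence, so a workload that genuinely needs API access can opt back in explicitly.

```yaml
# Added example, not the page's own configuration.
# Namespace "prod", service account "api" and the image are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api
  namespace: prod
# Default for every pod using this service account: no token volume is mounted.
automountServiceAccountToken: false
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: prod
spec:
  serviceAccountName: api
  # The pod-level setting overrides the service account; keep it explicit so a
  # later change to the service account cannot silently re-enable the mount.
  automountServiceAccountToken: false
  containers:
    - name: api
      image: registry.example.com/api:1.0.0
```

A periodic hardening check can confirm the policy by listing, across all namespaces, every pod whose spec.automountServiceAccountToken is not false and whose service account does not disable the mount either; each hit should be either a deliberate exception with a documented reason or a finding to fix.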

Secrets Management

Secrets (API keys, passwords, certificates) are managed centrally in a secured vault. No hardcoded secrets in code or configuration files, and keys are rotated periodically.

Monitoring & Detection

  • Multi-layer monitoring: infrastructure metrics, application error tracking and centralised logs
  • Real-time alerting for critical events
  • Periodic review of access and audit logs

Backups

  • Daily encrypted backups of all databases to geo-redundant EU storage
  • Weekly automated restore test to verify integrity
  • Continuous transaction-log shipping, so a recovery loses at most the transactions committed since the last shipped log segment (point-in-time recovery)
  • 30-day retention

Security Testing on Every Release

Automated scans run on every release:

  • Static application security testing (SAST)
  • Dependency and secret scanning
  • Dynamic application security testing (DAST)
  • Container vulnerability scanning
  • Kubernetes hardening checks (run on a periodic schedule rather than per release)

Incident Response

In the event of a security incident:

  1. First response within 1 hour (P1 incidents)
  2. Assessment of severity and scope
  3. Where GDPR requires it, notification of the supervisory authority within 72 hours of becoming aware of the breach and of affected data subjects without undue delay
  4. Recovery and root-cause analysis
  5. Documentation and improvements

Reporting Vulnerabilities

Found a vulnerability? See our Responsible Disclosure page for how to report it and what to expect.

Scope

This policy applies to all systems, staff and processors of AI Survivors involved in processing client data and business information.

Detailed Documentation

Detailed architecture documentation and pentest results are available on request under NDA for enterprise customers and auditors. Contact: security@aisurvivors.com.