Security & Trust Center
Your data security and privacy are our top priorities. Learn how we protect your sensitive financial information.
Our Security Commitment
AetherStax implements enterprise-grade security measures to protect your personal and financial information. We use industry-leading encryption standards and follow strict compliance protocols to ensure your data remains confidential and secure.
End-to-End Encryption
All sensitive data is encrypted using AES-256-GCM, the same standard used by banks and government agencies.
Secure Infrastructure
Hosted on SOC 2 Type II and ISO 27001 certified infrastructure with 24/7 monitoring and automated threat detection.
Compliance Ready
GDPR compliant with regular security audits and penetration testing to maintain the highest standards.
Encryption Standards
Data at Rest
All personally identifiable information (PII), including Social Security Numbers, Employer Identification Numbers, and bank account details, is encrypted using AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) before being stored in our database. This authenticated encryption provides both confidentiality and integrity protection.
Data in Transit
All data transmitted between your browser and our servers is protected using TLS 1.3 (Transport Layer Security), ensuring that your information cannot be intercepted or tampered with during transmission.
Document Storage
All uploaded documents (bank statements, tax returns, financial records) are encrypted using the same AES-256-GCM standard and stored locally with secure access controls. Files are automatically encrypted before writing to disk and decrypted only when authorized users request access.
Secure Deletion
When documents are deleted, we perform a 3-pass overwrite to ensure the data cannot be recovered, exceeding industry standards for secure file deletion.
Compliance & Certifications
SOC 2 Type II
Our infrastructure provider maintains SOC 2 Type II certification, demonstrating compliance with strict security, availability, and confidentiality standards through independent audits.
ISO 27001
ISO 27001 certified infrastructure ensures our information security management system meets international standards for protecting sensitive data.
GDPR Compliance
We comply with the General Data Protection Regulation (GDPR), giving you control over your personal data with rights to access, correct, and delete your information.
Regular Audits
We conduct regular security audits and penetration testing to identify and address potential vulnerabilities before they can be exploited.
Data Handling Policies
Data Collection
We collect only the information necessary to process your loan application and connect you with lenders. This includes business information, financial details, and contact information. We never sell your data to third parties.
Data Sharing
Your application data is shared only with lenders you choose to work with through our secure Zoho CRM integration. Lenders receive decrypted information through encrypted channels and are bound by their own privacy policies and regulatory requirements.
Data Retention
We retain your application data for 7 years to comply with financial record-keeping requirements. You may request deletion of your data at any time, subject to legal and regulatory obligations.
Access Controls
Access to sensitive data is restricted to authorized personnel only. All access is logged and monitored. Administrative actions are tracked in an immutable audit log for compliance and security purposes.
Security Contact
Report a Security Issue
If you discover a security vulnerability or have concerns about our security practices, please contact our security team immediately.
Email: [email protected]
We follow responsible disclosure practices and will respond to security reports within 48 hours. We appreciate the security research community's efforts to help keep our platform secure.
Responsible Disclosure Policy
We welcome reports from security researchers and users who discover potential vulnerabilities. To protect our users, we ask that you:
- Report vulnerabilities privately to [email protected] before public disclosure
- Allow us reasonable time to investigate and address the issue
- Avoid accessing, modifying, or deleting other users' data
- Refrain from actions that could harm our service availability
In return, we commit to acknowledging your report within 48 hours, keeping you informed of our progress, and publicly crediting you (if desired) once the issue is resolved.