1. Core Principles
AIROVIA’s approach is based on internationally recognized practices and applicable legal requirements. We aim to process data lawfully, transparently, and proportionately to the engagement objective.
- Minimization: collect only what is necessary for engagement and operational communication.
- Purpose limitation: use data only for stated and legitimate purposes.
- Security: apply controls to reduce unauthorized access and misuse.
- Accountability: maintain oversight, logs, and governance records where appropriate.
2. Security Controls (High-Level)
Control selection depends on deployment scope and risk profile. For sensitive engagement contexts, AIROVIA may apply enhanced controls aligned with recognized information security frameworks.
- Access control and least-privilege administration
- Secure authentication and credential management
- Encryption in transit and (where applicable) at rest
- Logging, monitoring, and security alerting for critical systems
- Change control and configuration management
3. Vendor and Subprocessor Management
Where service providers are used for hosting, communications, or operations support, AIROVIA applies vendor due diligence commensurate with the engagement context, including confidentiality obligations and appropriate safeguards.
- Supplier selection based on security posture and reliability
- Contractual obligations for confidentiality and data handling
- Controlled access pathways and limited disclosure
4. Incident Response
AIROVIA maintains an incident response approach intended to identify, contain, and remediate security events. Where legally required, notifications will be made to relevant stakeholders and/or competent authorities.
- Event triage, containment, and remediation
- Root cause analysis and corrective actions
- Stakeholder communications aligned with legal requirements
5. Retention and Disposal
Data is retained only for as long as necessary to support engagement, meet compliance obligations, or resolve disputes. Disposal methods are designed to prevent unintended recovery.
6. Data Subject Requests
Subject to applicable law, individuals may request access, correction, deletion, or restriction of personal data. Requests can be submitted to info@airovia.io.
7. Public Sector and Utility Engagement
Where engagement relates to government or utility programs, additional governance and audit expectations may apply. AIROVIA is prepared to align documentation, access controls, and reporting practices with institutional requirements as part of a formal engagement process.