AIROVIA

Data Protection

Last updated: January 3, 2026

1. Core Principles

AIROVIA aligns its approach with recognized practices and applicable legal requirements, with an emphasis on processing data lawfully, transparently, and proportionately to the engagement objective.

  • Minimization: collect only what is necessary for engagement and operational communication.
  • Purpose limitation: use data only for stated and legitimate purposes.
  • Security: apply controls to reduce unauthorized access and misuse.
  • Accountability: maintain oversight, logs, and governance records where appropriate.

2. Security Controls

Control selection depends on deployment scope and risk profile. For sensitive contexts, AIROVIA may apply enhanced controls aligned with recognized information security frameworks.

  • Access control and least-privilege administration
  • Secure authentication and credential management
  • Encryption in transit and, where applicable, at rest
  • Logging, monitoring, and alerting for critical systems
  • Change control and configuration management

3. Vendor and Subprocessor Management

Where providers are used for hosting, communications, or operational support, AIROVIA applies vendor diligence proportionate to the engagement context, including confidentiality obligations and appropriate safeguards.

  • Supplier selection based on security posture and reliability
  • Contractual obligations for confidentiality and data handling
  • Controlled access pathways and limited disclosure

4. Incident Response

AIROVIA maintains an incident response approach intended to identify, contain, remediate, and review security events. Where legally required, stakeholders or competent authorities will be notified.

  • Event triage, containment, and remediation
  • Root cause analysis and corrective actions
  • Stakeholder communication aligned with legal requirements

5. Retention and Disposal

Data is retained only as long as needed to support engagement, meet compliance obligations, or resolve disputes. Disposal methods are intended to prevent unintended recovery.

6. Data Subject Requests

Subject to applicable law, individuals may request access, correction, deletion, or restriction of personal data. Requests can be sent to info@airovia.io.

7. Public Sector and Utility Engagement

Where engagement relates to government or utility programs, additional governance and audit expectations may apply. AIROVIA is prepared to align documentation, access controls, and reporting practices with those institutional requirements during formal engagement.