The platform we trust to run our own incidents.
AirTee.ai runs its own resilience programme inside AirTee.ai. Here's the posture, the sub-processors, and the documents you need for procurement.
Where we stand today.
Compliant. DPA available on request — see contact below.
Controls aligned with HIPAA Security Rule for healthcare deployments.
In progress. Type II audit window opens Q2.
Implementation underway; certification target end of next FY.
Platform supports customer compliance and is itself in-scope as a critical ICT provider.
Available for regulated customers; UK/EU/US residency.
Engineering controls, in plain English.
- ▍Encryption in transit (TLS 1.3) and at rest (AES-256).
- ▍SSO via SAML and OIDC; SCIM provisioning.
- ▍Role-based access; least-privilege by default.
- ▍Penetration testing quarterly by an independent third party.
- ▍Incident response runbook published — and run on AirTee.
- ▍Sub-processor list maintained at /security and updated 30 days before changes.
Site security & privacy.
How airtee.ai itself is hardened, what we collect, and how cookies and analytics work — all on a dedicated page so you can audit it without scrolling. Read the site security & privacy page →
Need our DPA or sub-processor list?
Email security@airtee.ai or use the contact form. Most procurement requests turn around in 24 hours.