Trust Center

Security & Trust

How we protect your data and the infrastructure that powers AAMOS.

Compliance Certifications

ISO 27001
SOC 2 Type II
GDPR
EU AI Act

Security Controls

Encryption in Transit

All API communications are encrypted using TLS 1.3. Older protocol versions are not accepted. Certificate management is automated via Let's Encrypt.

Encryption at Rest

All stored data — including customer-submitted content and database records — is encrypted at rest using AES-256 via AWS KMS.

Access Control

Production infrastructure access is restricted to named individuals via hardware MFA. Role-based access control enforces least-privilege throughout. All access is logged.

Network Security

Infrastructure runs in isolated VPCs with no public inbound access except API endpoints. Security groups are managed as code and reviewed quarterly.

Penetration Testing

Annual third-party penetration tests are conducted by qualified security firms. Findings are tracked to remediation. Summaries available to enterprise customers on request.

Incident Response

A documented incident response procedure is maintained and tested bi-annually. All security incidents are reviewed post-closure and documented for improvement.

Bug Bounty Program

We operate a responsible disclosure program. We do not currently run a paid bug bounty, but we acknowledge and credit researchers who report valid vulnerabilities. See our responsible disclosure guidelines below.

Responsible Disclosure

If you discover a security vulnerability in AAMOS infrastructure or our API, please report it to us privately before public disclosure. We commit to:

Initial acknowledgement24 hours for critical
Triage and severity assessment72 hours
Fix timeline (critical)7 days
Fix timeline (high)30 days
Coordinated disclosure90 days after report

Email: security@landvex.com
PGP key available on request. Please include a proof of concept and impact assessment.