How We Protect Your Data

AICS is a security product, so the security of your data is something we take personally. Here is exactly what we do and do not do with your information.

🔒
Your passwords are hashed, not stored

Our authentication system stores passwords using one-way cryptographic hashing. We never store or have access to your plaintext password. Nobody at AICS can read your password, as the process is mathematically irreversible.

✉️
Email checks use privacy-preserving technology

When we check if your email has appeared in a breach, we use a k-anonymity approach. Only a short anonymised fragment of a hash is sent to our breach intelligence provider. Your full email address is never transmitted to any external service.

🌐
All connections are encrypted

Every connection to AICS uses TLS (HTTPS). Data in transit between your browser, our servers, and our infrastructure providers is always encrypted. We enforce HTTPS with strict transport security headers.

🗄️
Your data is stored securely in the UK/EU

Your account and scan data are stored on our secure infrastructure hosted within the United Kingdom or European Union. We do not transfer your personal data outside of GDPR-adequate jurisdictions.

💳
We never see your payment details

All payments are processed by a PCI-DSS Level 1 certified payment provider. We only receive a customer reference and subscription status. Full card numbers, CVVs, and bank details never pass through our servers and are never stored on them.

🚫
We do not sell your data

Your personal data is never sold, rented, or traded to any third party for any commercial purpose, including advertising or marketing. We use your data solely to operate and improve the AICS service.

🔍
Dark web searches require your consent

Our optional deeper dark web database search is an opt-in paid feature. We require your explicit consent before performing this search, and we maintain an audit log of all such requests for transparency and accountability.

🦠
Threat & URL scanning is isolated

When you submit a URL or file hash for threat analysis, we send only the URL or hash to our scanning engine. No personal account data is included. Results are returned and displayed in the app; we do not store the scanned content.

🗑️
You can delete your account and data

You can delete your AICS account at any time from your Account page. On deletion, your profile, identifiers, and scan history are permanently removed from our active systems within 30 days. Residual backups are purged on their normal rotation cycle.

🛡️
Access controls and audit logging

Access to your data within our systems is restricted to authorised operations only. We maintain internal access controls, role separation, and audit logs. No AICS employee or contractor can access your account data without a documented technical reason.

🔐
Two-factor authentication available

We strongly recommend enabling two-factor authentication (2FA) on your AICS account. You can set this up in your Security settings. With 2FA enabled, your account remains protected even if your password is ever compromised.

Our service providers

To deliver the AICS service, we work with a small number of carefully selected sub-processors: a secure infrastructure provider for authentication and data storage (UK/EU hosted); a PCI-DSS Level 1 certified payment processor for handling subscription and one-time payments; a breach intelligence provider for email breach lookups using privacy-preserving hashing; an optional dark web database for consent-based deeper searches; and a transactional email provider for delivering scan results and security alerts. Each provider is contractually bound to protect your data and process it only as directed by AICS. Full details are available in our Privacy Policy.

Have a security concern?

If you discover a security vulnerability or have a concern about how we handle data, please contact us immediately at info@aics.solutions. We take all security reports seriously and will respond promptly.