Security

• Hosted on Microsoft Azure HIPAA-eligible cloud services with 99.99% SLA
• Azure Sentinel SIEM for real-time threat detection and automated response
• Microsoft Defender for Cloud providing continuous security posture management
• Geo-redundant backups with point-in-time recovery capabilities
• DDoS protection and Web Application Firewall (WAF) on all public endpoints

• AES-256 encryption for all data at rest across storage and database layers
• TLS 1.3 encryption for all data in transit between clients and servers
• Role-based access control (RBAC) enforcing principle of least privilege
• Multi-factor authentication (MFA) required for all user and admin access
• API authentication using short-lived tokens with automatic rotation

• 24/7 security monitoring with automated alerting and incident response
• Comprehensive audit trails for all data access, modification, and deletion events
• Regular penetration testing by independent third-party security firms
• Quarterly vulnerability assessments and remediation tracking
• Annual SOC 2 Type II audits through Azure infrastructure

• Automated daily backups with 30-day retention and geo-redundant storage
• Data loss prevention (DLP) policies preventing unauthorized data exfiltration
• Secure data disposal procedures with cryptographic erasure
• Network segmentation isolating PHI from non-sensitive workloads
• Incident response plan with defined SLAs for containment and notification

If you discover a security vulnerability, please report it to our security team at CMO@Aerolib.com. We take all reports seriously and will respond within 24 hours. We do not pursue legal action against researchers who act in good faith.