Security
Last updated: June 12, 2026
How we protect your geometry, results, and account data. We describe only measures that are live in production today.
Encryption
- In transit: all traffic to and within the Service is encrypted with TLS (HTTPS).
- At rest: stored data — geometry, meshes, results, and database records — is encrypted at rest by our storage and database providers.
Tenant isolation
Each customer’s data is logically isolated. Access is scoped to your account, and one tenant cannot read another tenant’s geometry, results, or metadata.
Data residency
Your simulation geometry and results are stored in the European Union (AWS Paris region). A limited set of account and operational metadata is processed by US-based providers under EU Standard Contractual Clauses — see the sub-processor list below and our Privacy Policy.
Access control
Internal access to production systems follows the principle of least privilege and is limited to personnel who need it to operate and support the Service.
Infrastructure & sub-processors
We build on established cloud providers rather than running our own hardware. Each is bound by a data-processing agreement:
| Provider | Role | Location |
|---|---|---|
| Modal | On-demand GPU compute (running simulations) | United States |
| Amazon Web Services (S3) | Storage of geometry, meshes, and simulation results | France (eu-west-3, Paris) |
| Neon | Application database (accounts, metadata, form submissions) | United States (AWS us-east-1) |
| Vercel | Website hosting and content delivery | United States (global edge network) |
Your data is yours
We process your geometry and results only to provide the Service. We do not sell your data and we do not use it to train any model.
Reporting a vulnerability
If you believe you’ve found a security issue, please email security@aviatostudio.com. We welcome responsible disclosure and will work with you to verify and address valid reports. Please give us reasonable time to remediate before any public disclosure.
Working toward more
We continuously strengthen our security program as we grow. For specific compliance requirements (e.g. formal audits, custom controls, on-prem or VPC deployment), contact us at security@aviatostudio.com to discuss Enterprise options.