Compliance & Security
TechManager AI is committed to security and supporting your compliance requirements
Aiivars LLC, an Arizona limited liability company doing business as TechManager AI, is committed to maintaining robust security practices and supporting our customers' compliance requirements.
Security Standards
TechManager AI implements security controls aligned with industry standards:
- SOC 2 Type II - Controls implementation in progress
- HIPAA - Designed to support HIPAA-aligned workflows; Business Associate Agreement (BAA) available upon request for qualifying customers
Note: Compliance is a shared responsibility. Our platform provides tools and controls to support your compliance efforts, but achieving compliance depends on how you configure and use our services.
Data Protection
We implement comprehensive security measures including:
- End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication (MFA)
- SSO integration via OAuth 2.0 / OIDC / SAML
- Security audits and penetration testing (planned)
- Complete audit trails and logging
- Role-based access control (RBAC)
Data Isolation
Customer data is logically isolated using row-level tenant and user-level security:
- Row-level tenant isolation — each organization's data is scoped and enforced at the database level
- User-level access controls — permissions are enforced per user within each organization
- No cross-tenant data access — queries are restricted to the authenticated tenant's data
- Encrypted at rest (AES-256) and in transit (TLS 1.3)
Privacy Law Support
Our platform is designed to support compliance with applicable privacy laws, including CCPA/CPRA:
- We do not sell personal information
- Tools to support data subject access requests (DSAR)
- Data export and deletion capabilities
- Non-discrimination for exercising privacy rights
On-Premise Deployment
For customers requiring complete data sovereignty, on-premise deployment with private LLM options is coming soon. Contact us to learn more or join the waitlist.
Incident Response
We will notify affected customers within 72 hours of discovering any security incident affecting their data, in compliance with applicable breach notification laws. Enterprise customers may have access to dedicated incident response SLAs.
Responsible Disclosure Policy
We value the security research community and encourage responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to us:
- Email: security@techmanager.ai
- Please include detailed steps to reproduce the issue
- Allow us reasonable time to investigate and address the issue before public disclosure
- Do not access or modify data belonging to other users
We will acknowledge receipt of your report within 48 hours and work with you to understand and resolve the issue promptly.
Subprocessors
We use the following third-party subprocessors to deliver our services:
| Subprocessor | Purpose | Location | HIPAA BAA |
|---|---|---|---|
| Infrastructure & Hosting | |||
| Google Cloud Platform | Cloud infrastructure, hosting, data storage, CDN | USA | ✓ Available |
| Amazon Web Services (SES) | Transactional and notification emails | USA | ✓ Available |
| AI & Machine Learning | |||
| Google Gemini | AI engine powering the TechManager AI platform | USA | ✓ Available |
| Communications | |||
| Telnyx | Phone calls, SMS messaging, fax services | USA | ✓ Available |
| Google Meet | Video conferencing, customer calls | USA | ✓ Available |
| Productivity & Business | |||
| Google Workspace | Email (Gmail), documents, calendar, drive storage | USA | ✓ Available |
| Stripe | Payment processing, billing, subscriptions | USA | ✓ Available |
| Cal.com | Meeting scheduling (B2B sales only) | USA | N/A - No PHI |
| Monitoring & Security | |||
| Google Cloud Monitoring | Infrastructure monitoring, alerting, uptime checks | USA | ✓ Available |
| Analytics & Marketing | |||
| Google Analytics | Website analytics (marketing site only) | USA | N/A - No PHI |
| Google Tag Manager | Tag management (marketing site only) | USA | N/A - No PHI |
Note: Google Analytics, Google Tag Manager, and Cal.com are used only on our public marketing website or for B2B scheduling and do not process Protected Health Information (PHI).
For HIPAA-covered customers, we execute Business Associate Agreements (BAAs) with all subprocessors that may access PHI. We will notify customers of any material changes to our subprocessor list with at least 30 days' notice.
Enterprise customers may request the complete subprocessor list with additional details by contacting security@techmanager.ai.
International Customers
For customers outside the United States requiring Data Processing Agreements (DPA), please contact us at privacy@techmanager.ai.
Contact
For compliance, security, or data protection questions:
Security Team: security@techmanager.ai
Privacy/DPO: privacy@techmanager.ai
Legal: legal@techmanager.ai
Company: Aiivars LLC