Security & Data Processing

Last Updated: February 20, 2026

This page describes AI University's security practices and data processing commitments.

1. Security Program Overview

We maintain a risk-based security program designed to protect the confidentiality, integrity, and availability of customer data.

2. Infrastructure Security

  • Cloud-based infrastructure with hardened environments.
  • Network firewalls and segmentation.
  • DDoS protection.
  • Continuous monitoring.

3. Encryption

  • Data encrypted in transit (TLS).
  • Data encrypted at rest.
  • Secure key management.

4. Access Controls

  • Role-based access.
  • Least-privilege principles.
  • Multi-factor authentication for internal systems.
  • Logging and auditing of administrative access.

5. Application Security

  • Secure development lifecycle.
  • Code reviews.
  • Dependency scanning.
  • Automated testing.
  • Regular vulnerability assessments.

6. Incident Response

We maintain an incident response plan that includes:

  • Detection and containment.
  • Investigation.
  • Remediation.
  • Notification where legally required.

7. Data Processing

We process customer data solely to:

  • Provide the Services.
  • Maintain security.
  • Support operations.

We do not use private customer data to train third-party models.

8. Subprocessors

We use vetted subprocessors (cloud providers, analytics, payment processors). Each is contractually required to protect data.

A current subprocessor list is available at theaiuniversity.com/subprocessors.

9. Data Isolation

Customer data is logically isolated across environments.

10. Retention & Deletion

Customer data is retained per contractual and legal requirements. Upon request or account termination, data is deleted within a reasonable period.

11. International Data Protection Frameworks

Our security and privacy controls are designed to support compliance with:

  • GDPR (EU).
  • UK GDPR.
  • CCPA/CPRA (California).
  • Other applicable U.S. state privacy laws.

Our program aligns with principles from SOC 2 and ISO 27001 (control-aligned practices). Formal certifications may be pursued over time.

12. Customer Responsibilities

Customers are responsible for:

  • Account security.
  • Lawful data usage.
  • Reviewing outputs.
  • Configuring agents responsibly.

13. Audits & Assessments

Security reviews and internal assessments are conducted periodically.

14. Contact

For security inquiries: security@theaiuniversity.com

These policies are intended to describe our practices and do not constitute legal advice.