Airship Security Measures
For the Airship and the Apptimize Service
Date: November 1, 2024
Changes have been made to add further detail on the Airship security controls and to add security measures related to the Generative AI functions in the Airship Service.
Airship shall maintain appropriate technical and organizational measures for the Service to ensure a level of security appropriate to the risk, including the measures described in this document (the “Security Measures”). Airship may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Service.
1. Definitions
“Airship” means Airship Group, Inc. and its operating divisions, subsidiaries, affiliates and branches.
“Customer Data” means electronic data and content processed by Airship via the Service or provided to Airship by or for Customer via the Service.
“Data Breach” means a breach of security of the Service leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Customer Data in the Service.
“Service” means the Airship Service, the Apptimize Service (“Apptimize”), and any other services or functionalities related to either the Airship Service or Apptimize.
“SOC2 Report” means a confidential Service Organization Control (SOC) 2 Type II report (or a comparable report) on the Service examining logical security controls, physical security controls, and system availability, as produced by a Third-Party Auditor in relation to the Service.
“Third-Party Auditor” means an Airship-appointed, qualified and independent third-party auditor.
Any other terms not defined herein shall have the meaning provided in the Agreement entered into with the Customer.
2. Information Security Program and Attestations
Airship maintains a robust information security program aligned with industry best practices (NIST, ISO 27001:2022) that includes the adoption and enforcement of internal policies and procedures. This program encompasses threat intelligence, vulnerability management, incident response, and continuous monitoring and improvement, designed to (a) satisfy these Security Measures, (b) identify reasonably foreseeable security risks and unauthorized access to the Service, and (c) minimize security risks, taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, and the risk of varying likelihood and severity for the rights and freedoms of natural persons. A Third-Party Auditor assesses the Airship Service (which includes mobile app, email, API, and SMS solutions, and Apptimize) annually for compliance with the SOC 2 Type II availability, confidentiality, and security trust principles. The Third-Party Auditor issues a SOC2 Report, which is available to the Customer upon request under signed NDA. The Airship SOC2 Report includes the cloud provider subprocessors used by Airship, but not the other subprocessors.
3. Access Controls
(a) Data Center Access Controls.
- Leading Cloud Data Centers. Airship uses Google Cloud Platform (Google Cloud) or, for certain Airship customers depending on location or the Airship services subscribed to, Amazon Web Services (AWS) to provide the infrastructure services that host and operate the Service. By building on Google Cloud’s Trusted Infrastructure or AWS’s Security, Identity, and Compliance services, Airship is able to take advantage of their mature security environments.
- Physical Access Control. The cloud data centers used to provide the Service are Tier 4, ISO 27001 and SOC 2 Type II certified computing facilities. These cloud data center facilities maintain on-site security operations responsible for all physical data center security functions 24 hours a day, 7 days a week, with CCTV monitoring and access controls. CCTV monitoring footage is retained for 90 days.
(b) Logical and Data Access Controls.
Infrastructure Security Personnel. Airship’s dedicated infrastructure security team is responsible for the ongoing monitoring of Airship’s security infrastructure, review of the Service, and security incident response.
Privilege Management. Airship personnel with access to the Airship customer account or technical management systems are required to authenticate themselves via logical access controls with multi-factor authentication in order to administer the Service. Any access to customer data by an Airship representative is logged and tracked in real time, with oversight from the security team. In addition, Airship has implemented these additional privilege management measures:
- Internal Data Access Processes and Policies. Airship’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process data in the Service.
- Access Management. Airship employs a centralized access management system that restricts personnel access to production servers for the Service to a limited number of authorized personnel. Central network-based authentication systems are designed to provide Airship with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information for the Service. Airship requires the use of unique user IDs, strong passwords, two-factor authentication and access lists for Airship personnel to access the Service. Airship personnel are granted access rights to the Service based on: (i) the authorized personnel’s job responsibilities; (ii) the job duties necessary to perform authorized tasks, applying least privilege; and (iii) a need-to-know basis. The granting or modification of access rights must be performed in accordance with Airship’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Log-ins to the Service are logged to the Security Information and Event Management system (SIEM).
- Access Controls. Security events for the Service, including login failures, use of privileged accounts, changes to access models or file permissions, modifications to installed software or operating systems, and changes to user permissions or privileges, are logged on the relevant systems. Logs are generated through monitoring and alerting systems and are retained for between 30 days and 1 year, depending on the system. Airship implements Zero Trust principles, treating every access request, whether internal or external, as a potential threat.
(c) Remote Access
Airship enforces secure remote access practices, including the use of multi-factor authentication (MFA) for all remote connections and virtual private networks (VPNs).
4. Network Security
(a) Data Transmission. Airship makes HTTPS encryption (HTTP over a TLS connection) available for data in transit to or from the Service. Clear-text HTTP connections to the Service are disabled by default. Airship employs network segmentation to isolate sensitive data and limit the impact of potential incidents.
(b) Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. The intrusion detection measures used by Airship involve:
- controlling the size and make-up of Airship’s attack surface through preventative measures;
- employing intelligent detection controls at data entry points; and
- employing technologies that automatically remedy certain dangerous situations.
Network traffic is continuously monitored and analyzed using advanced tools to detect and respond to anomalies and potential threats. Airship also implements robust DDoS protection and mitigation strategies to ensure service availability.
5. Application Security
(a) Software Development. Airship follows a secure Software Development Lifecycle (SDLC) that includes threat modeling, secure coding practices, and rigorous security testing (SAST, DAST, IAST). Code is peer reviewed and approved before it is promoted to staging. All development for the Service is based on the SDLC model in accordance with Airship’s development policies.
(b) Standards Compliance. Airship adheres to an “out of the box” default security standard aligned with OWASP Top 10 best practices, CIS controls, and SOC 2 Type II principles.
(c) Data Integrity. Measures are in place to prevent corruption of stored Customer Data due to a malfunction of the Service. These include: patch management, change control procedures, QA testing prior to release, ACID-compliant databases, and logging of all changes to production systems for the Service.
(d) Data Confidentiality. Airship has implemented measures to encrypt data in transit and at rest. In addition, Airship uses data pseudonymization as needed to comply with customer requirements and regulations.
(e) In-Application Security. Robust application security measures Airship offers include Multi-Factor Authentication (MFA), Single Sign-On (SSO), Role Based Access Control (RBAC), configurable password complexity, segregation of duties, logical separation of customer data, and exportable event logs.
Airship recognizes the importance of software supply chain security and takes steps to verify the integrity and security of third-party components and dependencies.
6. Operational Security
(a) Redundancy. Airship infrastructure systems are designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. To provide this redundancy, Airship uses dual circuits, switches, networks and other necessary components. Airship leverages Infrastructure as Code (IaC) practices for consistent and secure provisioning and management of infrastructure, with appropriate security controls applied to IaC pipelines and repositories.
(b) Server Operating Systems. Airship servers run a server operating system build customized for the application environment. Industry best practice hardening standards, including CIS benchmarks, are applied. Data in the Service’s production environment is stored using whole-disk AES-256 encryption.
(c) Business Continuity. Airship replicates critical data over multiple systems and locations to help protect against accidental destruction or loss of data in the Service. Airship has established a baseline recovery point objective (RPO) and recovery time objective (RTO), which are available upon request under a signed NDA. At least daily, Airship backs up to a cloud region separate from the region used for the Service production servers. Replicated data is stored at rest in AES-256 encrypted form. Airship has formal documented recovery plans to identify the resources and specify the actions required to help minimize losses in the event of a disruption to a business unit, support group unit, application, or infrastructure component. The plans provide for timely and orderly recovery of business, support processes, operations, and technology components within an agreed upon time frame and include orderly restoration of business activities when the primary work environment is unavailable. Airship has implemented and regularly tests its business continuity planning/disaster recovery programs.
(d) Vulnerability Management. Airship Infrastructure as a Service (IaaS) and Operating Systems (OS) are scanned regularly for vulnerabilities, in conformance with Airship’s security policies and industry standards. Patch management processes are in place to respond to and remediate findings from Airship-managed scanning, third-party testing, and the public Bug Bounty Program. Patching is performed in a timely manner in conformance with Airship’s security policies and industry standards.
7. Customer Data
(a) Data Storage and Separation. Customer Data is stored in a multi-tenant environment on public cloud servers. Airship logically separates Customer Data in the Service and conducts tests at least annually to confirm logical separation.
(b) Data minimization. Airship makes available to Customers via the Service capabilities to determine the types of data to be collected based on the processing purposes defined by the Customer. These capabilities include the option to disable data collection in order to prevent collection of any data (with the exception of the data collection opt-in status). In addition, Airship will keep data only as long as necessary in accordance with the Airship Data Retention Schedule.
(c) Data Retention and Deletion. Airship makes data deletion functionality available directly in the Airship API. Airship will delete all Customer Data on the Service production servers 90 days after termination of Customer’s contract. In addition, certain Customer Data stored in the Airship Service will be deleted on an ongoing basis in accordance with the Airship Data Retention Schedule. Backup data is stored AES-256 encrypted and is deleted within 7 days.
(d) Data Portability. For accounts that do not have Airship’s Real-Time Data Streaming (RTDS), Airship makes data export functionality for certain metadata available directly in the endpoints of the various Airship API services. For these accounts, Airship can assist with more extensive data export requests via Airship Support. Accounts with Airship’s Real-Time Data Streaming (RTDS) service also have the ability to export more granular data throughout the lifetime of the service. All data exported from the Airship APIs is in the open JSON format. Airship Support can assist with special data export requests (e.g., legal holds and legal exports).
(e) Localized Data Hosting. By using the Service, Customer consents to storage of Customer Data in the United States or in the European Union, as follows. If Customer has selected the United States data center location for the Airship Service or Apptimize, all Customer Data stored is located in the United States. If Customer has selected the European Union as the data center location for the Airship Service or Apptimize, all Customer Data is located in the European Union. Live Customer Data is not replicated between the EU and US data center data sets. Customer Data may be transferred to and accessed from Airship subsidiary locations for technical support, error fixes, and other product-related services.
(f) Pseudonymization and Encryption. Airship will ensure data is encrypted during transmission to and from the Service. In addition, Airship will keep all data encrypted at rest with whole-disk encryption using the AES-256 standard. The Service includes additional measures that Customers can configure to reduce direct references to persons during processing, such that data can be associated with a specific person only if additional information is included. Airship has put in place appropriate technical and organizational measures to keep the pseudonymized information separate from that additional information. It is the Customer’s responsibility to elect to use these additional measures for pseudonymization of personal data processed in the Service.
(g) Restoring Data from Data Loss. Airship has policies and procedures for backups of Customer Data. Airship’s relational databases and NoSQL data stores are automatically backed up in a secure fashion on both daily and weekly schedules. Should a data loss event occur, Airship will be able to recover the data contained in these backups. Backups are protected using industry best practices.
8. Data Breach Management
If Airship becomes aware of a Data Breach, Airship will notify Customer of the Data Breach within a period not to exceed 48 hours from confirmation of the Data Breach. Airship will take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Data Breach will be delivered to the email address provided by Customer in the Agreement or in the administration console of the Service. Customer acknowledges that it is solely responsible for ensuring that the contact information set forth in the Agreement (or in the administration console of the Service) is current and valid. Customer agrees that “Data Breaches” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems; or (ii) breach of security of systems outside of Airship’s control where Airship is not itself made aware of a data breach.
9. Personnel Security
(a) Background Checks. Airship conducts employee background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
(b) Employee Training. Airship employees are required to (i) execute a confidentiality agreement; (ii) undergo annual security training; and (iii) if handling Customer Data, complete additional requirements appropriate to their role.
(c) Employee Code of Conduct. Airship employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
10. Privacy by Design
Airship employs Privacy by Design and Privacy by Default principles in its development and operations processes.
11. Authorized Subprocessors
(a) Subprocessor Security. Prior to onboarding subprocessors, Airship conducts a selection process to evaluate the subprocessors’ security, privacy, data protection, and confidentiality practices and to assess that subprocessors provide a level of security, data protection, and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Where applicable, Airship enters into data protection agreements providing equivalent obligations as those required from Airship as set forth in the Airship Data Processing Addendum. Subprocessors are re-authorized upon contract renewal or on an annual basis.
(b) Subprocessor List. A current list of Airship’s Subprocessors is available here.
12. Security Measures Specific to Generative AI Features of the Airship Service
Airship recognizes the unique security challenges and risks associated with the use of Generative AI technologies. To address these risks, Airship implements the following AI security measures as to the Generative AI functions in the Airship Service:
- Data Security: Airship protects the confidentiality, integrity, and availability of data used for Artificial Intelligence or Machine Learning model (“AI/ML Model”) training and inference, including Customer Data and any other proprietary Customer information.
- Model Security: Airship implements measures to protect AI/ML Models from unauthorized access and tampering. This includes secure storage, access controls, and version control for AI/ML Models.
- Robustness and Resilience: Airship designs AI/ML Models to be resilient against adversarial attacks and unexpected inputs. Regular testing and monitoring are performed to ensure AI/ML Model security.
- Bias and Fairness: Airship is committed to mitigating bias and ensuring fairness in AI/ML Models. This includes careful selection of training data, monitoring for bias, and implementing techniques to address any identified biases.
- Privacy: Airship ensures that AI/ML Models are designed and deployed in a privacy-protecting manner, respecting user privacy and complying with applicable data protection regulations.
Additional Standards Specific to Generative AI Functions using the Google Gemini/Vertex AI AI/ML Models:
- Airship leverages the built-in security features provided by Google for the Gemini and Vertex AI/ML Models, such as data encryption, access controls, and privacy-protecting techniques, and operates in accordance with the Google AI Principles available at https://ai.google/responsibility/principles/.
- Airship follows Google’s best practices for secure AI/ML development and deployment.
- Airship deploys the Google Gemini/Vertex AI AI/ML Models in a privacy-protecting manner, respecting user privacy and complying with applicable data protection regulations. Data generated by these models is held to the same security and compliance standards as other Customer Data in the Airship Service and is audited as such.
- Airship works closely with its third-party AI/ML Model provider, Google, to stay informed about emerging AI security threats and vulnerabilities.