Data Security and Encryption
At Aerca, we view the protection of your financial data as our most critical responsibility. Our security posture is engineered from the ground up to meet and exceed enterprise-grade standards. This document outlines our multi-layered cryptographic framework, how we manage your uploaded files, and our uncompromising stance on AI data privacy.
1. End-to-End & At-Rest Encryption
Aerca deploys a robust cryptographic framework designed to protect highly sensitive financial telemetry at every stage:
- In Transit: All data flowing between our servers, your browser, and authorized third-party accounting software is encrypted using TLS 1.2 or higher (with a strong preference for TLS 1.3), ensuring that your data cannot be intercepted or tampered with over the network.
- At Rest: All databases, connected API tokens, and persistent data stores are encrypted at rest using AES-256 bit encryption, widely recognized as the gold standard for securing classified and highly sensitive financial data.
- Zero-Trust Internal Access: Aerca operates on a strict zero-trust internal architecture. Our engineering and support staff do not have default access to your raw financial data. Any necessary access for troubleshooting must be explicitly authorized, time-bound, and strictly audited.
2. How Uploaded Files are Stored and Managed
We understand that the files you upload to Aerca (such as invoices, receipts, contracts, and financial statements) contain your most sensitive business data. We handle file storage with strict institutional-grade protocols:
- Secure Cloud Storage: All uploaded files are stored in isolated, private cloud storage buckets (hosted on industry-leading infrastructure like AWS). These buckets are strictly not publicly accessible.
- File-Level Encryption: Every individual file is encrypted at rest using server-side AES-256 encryption before it is saved to the storage disk.
- Temporary Signed URLs: When you or an authorized user requests to view or download a file, our system generates a temporary, cryptographically signed URL. This link expires within minutes, ensuring that even if a link is accidentally shared, it cannot be accessed after expiration.
- Malware Scanning: All files are automatically scanned for malware and malicious payloads upon upload. Any suspicious files are immediately quarantined and rejected to protect your agency's broader environment.
3. Artificial Intelligence Privacy and Data Siloing
Aerca leverages advanced Artificial Intelligence (AI) to automate invoicing, categorize transactions, and generate cash-flow forecasts. We recognize that introducing AI into financial workflows requires absolute transparency and rigid data protection boundaries.
- Zero-Retention and Non-Training Mandate: We are committed to a strict "no training" policy. Your proprietary financial data, client lists, uploaded files, and transaction histories will NEVER be used to train, fine-tune, or improve our foundational AI models, nor those of any third-party AI provider.
- Ephemeral Processing: When our AI models process your data to generate a forecast or draft an invoice, the data is processed ephemerally. The AI acts as an isolated reasoning engine, analyzing the data strictly in memory for the duration of the task, without retaining the underlying financial context after the output is generated.
- Tenant Isolation: Your data remains strictly partitioned. The AI context generated for your agency is logically isolated and cannot leak into or influence the AI outputs generated for any other Aerca user.
4. Secure Third-Party Integrations (OAuth)
To function as an autonomous financial operator, Aerca connects to your existing toolstack based entirely on the Principle of Least Privilege:
- We solely utilize official, secure OAuth APIs provided by your software vendors (e.g., QuickBooks, Xero).
- Aerca will never ask for, nor store, your direct username or password for third-party services.
- We request only the specific permissions necessary to perform authorized tasks, and you maintain the ability to instantly revoke Aerca's access tokens directly from your provider's dashboard at any time.
5. Transparency, Accountability, and Incident Response
Trust in financial technology is sustained through unwavering transparency and accountability. Aerca enforces rigorous incident response protocols:
- Proactive Auditing: Our platform is subjected to comprehensive penetration testing and security auditing by independent third-party cybersecurity firms.
- Breach Accountability: In the highly unlikely event of a data breach or security incident, we commit to immediate, transparent notification to all affected users without undue delay.
- Root Cause Analysis: We believe in public accountability. Any security incident will be followed by a transparent root-cause analysis detailing the vectors involved, what data was potentially exposed, and the concrete engineering steps implemented to neutralize the threat permanently.
6. Data Ownership, Portability, and Right to Erasure
Your financial data belongs exclusively to you. Aerca serves merely as a secure custodian and processor of that data to facilitate your agency's operations. We will never sell your data to third-party brokers or advertisers. Furthermore, should you decide to leave the Aerca platform, we guarantee the ability to securely export your data, followed by the complete and permanent cryptographic erasure of your records and uploaded files from our active databases and backups.
7. Responsible Disclosure
We welcome collaboration with the global cybersecurity community. If you discover a vulnerability in our systems, we ask that you report it to us responsibly via the contact form on our homepage. We evaluate all reports with the highest priority and will work swiftly to resolve verified issues.