Aigir.Group

Security

Aigir.Group platform security

Protecting customer data is a priority for Aigir.Group. Below are the principles and measures we use to keep information safe and confidential.

Updated: June 17, 2026

Security approach

The platform is built on a security-by-design principle: protective measures are part of the architecture rather than added afterwards. Data security is considered at every stage — from storage to access control.

Data stored in Russia

In accordance with Article 18(5) of Federal Law No. 152-FZ “On Personal Data”, the recording, systematization, accumulation, storage, amendment and retrieval of personal data of Russian citizens are carried out using databases located in the territory of the Russian Federation. The platform infrastructure is hosted in Russian data centers.

Encryption and transport security

Data transmitted between the user and the platform is protected with TLS (HTTPS). Passwords are stored as irreversible cryptographic hashes and are never kept in plain text. Access to sensitive data is restricted and controlled.

Customer data isolation

The platform follows a multi-tenancy model: each organization’s data is isolated in a separate logical scope by tenant identifier. Architectural constraints prevent unauthorized access to other customers’ data.

Access control

Access to features and data is governed by role-based access control (RBAC) following the principle of least privilege: a user is granted only the permissions required for their role.

Audit and traceability

Critical operations on data are recorded in an audit log together with the user and timestamp. This ensures traceability of actions and control over data processing.

Backups

Regular data backups ensure data durability and the ability to recover in the event of technical failures.

Electronic signature

The platform supports electronic signatures in accordance with Federal Law No. 63-FZ “On Electronic Signature”, including simple (PES) and qualified electronic signatures (QES) for legally significant document workflows.

Legal compliance

Personal data is processed in accordance with the requirements of 152-FZ, including notification of the authorized data protection authority (Roskomnadzor). The processing of data is described in the Privacy Policy.

Incident response

If a personal data security incident is detected, the Operator notifies Roskomnadzor within the time limits established by law and takes measures to mitigate the consequences and prevent recurrence.

Report a security issue

To report a vulnerability or ask a security-related question, write to security@aigir.group.