Security
Aigir.Group platform security
Protecting customer data is a priority for Aigir.Group. Below are the principles and measures we use to keep information safe and confidential.
Updated: June 17, 2026
Security approach
The platform is built on a security-by-design principle: protective measures are part of the architecture rather than added afterwards. Data security is considered at every stage — from storage to access control.
Data stored in Russia
In accordance with Article 18(5) of Federal Law No. 152-FZ “On Personal Data”, the recording, systematization, accumulation, storage, amendment and retrieval of personal data of Russian citizens are carried out using databases located in the territory of the Russian Federation. The platform infrastructure is hosted in Russian data centers.
Encryption and transport security
Data transmitted between the user and the platform is protected with TLS (HTTPS). Passwords are stored as irreversible cryptographic hashes and are never kept in plain text. Access to sensitive data is restricted and controlled.
Customer data isolation
The platform follows a multi-tenancy model: each organization’s data is isolated in a separate logical scope by tenant identifier. Architectural constraints prevent unauthorized access to other customers’ data.
Access control
Access to features and data is governed by role-based access control (RBAC) following the principle of least privilege: a user is granted only the permissions required for their role.
Audit and traceability
Critical operations on data are recorded in an audit log together with the user and timestamp. This ensures traceability of actions and control over data processing.
Backups
Regular data backups ensure data durability and the ability to recover in the event of technical failures.
Electronic signature
The platform supports electronic signatures in accordance with Federal Law No. 63-FZ “On Electronic Signature”, including simple (PES) and qualified electronic signatures (QES) for legally significant document workflows.
Legal compliance
Personal data is processed in accordance with the requirements of 152-FZ, including notification of the authorized data protection authority (Roskomnadzor). The processing of data is described in the Privacy Policy.
Incident response
If a personal data security incident is detected, the Operator notifies Roskomnadzor within the time limits established by law and takes measures to mitigate the consequences and prevent recurrence.
Report a security issue
To report a vulnerability or ask a security-related question, write to security@aigir.group.
Related documents