Information Security Policy

Effective October 14, 2025

Last reviewed April 15, 2026

01

Purpose

This policy defines the practices, procedures, and controls that Ajeris employs to protect consumer financial data, personally identifiable information (PII), and system infrastructure. It applies to every system, service, and person involved in building and running the Ajeris personal agent platform.

02

Scope

Covers:

  • Consumer data collected via Plaid (bank accounts, transactions, balances, credit reports)
  • OAuth tokens and API credentials for connected services (Google, Spotify, Hue, Twilio, Slack, and others)
  • User identity data (phone numbers, names, addresses)
  • Agent conversation history and memory data
  • All infrastructure components (databases, application servers, CI/CD pipelines)

03

Data classification

Every piece of data we handle is classified so controls are proportionate to sensitivity.

  • Restricted: financial data, credentials, PII (Plaid access tokens, credit reports, OAuth tokens, phone numbers, bank balances)
  • Confidential: internal business data (API keys, encryption keys, system configuration)
  • Internal: operational data (conversation logs, agent prompts, usage metrics)

All consumer-facing data defaults to Restricted unless explicitly classified otherwise.

04

Encryption

We encrypt in transit and at rest, using standards that meet or exceed SOC 2, FCRA, and PCI-adjacent requirements.

  • In transit: TLS 1.2 or higher for all client-server and third-party API traffic. No plaintext HTTP endpoints are exposed in production.
  • At rest: sensitive credentials (OAuth tokens, Plaid access tokens, refresh tokens) are encrypted with PostgreSQL pgcrypto symmetric encryption (pgp_sym_encrypt) before storage.
  • Keys: 32+ byte random strings, stored in environment variables only. Never in source code, never in version control, never shared across environments.
  • Key rotation: documented procedure. Generate new key, re-encrypt stored values, deploy, verify, revoke old key.

05

Access control

Access is scoped per user, protected by MFA, and isolated at multiple layers.

  • Infrastructure: every account (GitHub, Railway, Twilio, Plaid, Anthropic) requires multi-factor authentication. SSH key authentication only. Database is not publicly reachable.
  • Application: each user has a stable UUID. All database queries are scoped by userId. Row-Level Security (RLS) is enforced via withUserContext() for transaction-scoped reads and writes.
  • Agent isolation: per-user containers. The agent process runs with settingSources: [] and autoMemoryEnabled: false to prevent cross-user data leakage.
  • Third-party credentials: OAuth tokens are encrypted, scoped per user (unique on userId, service), and never logged or surfaced in API responses.
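
The per-user scoping in the Application bullet, as an added example that is not Ajeris code: a withUserContext() helper that pins the caller's id for exactly one transaction, next to the Row-Level Security policy that reads it. The transactions table, the userId column, the app.user_id setting name and the Prisma-style $executeRawUnsafe client shape are assumptions.

```typescript
// Added example, not Ajeris code. Table, column and setting names are assumed.
import { randomUUID } from "node:crypto";

// Postgres side (assumed DDL). The policy compares each row's owner with a
// per-transaction setting; with the "missing_ok" flag, an unset setting yields
// NULL, so a query that forgot withUserContext() returns no rows, never all rows.
const RLS_DDL = `
  ALTER TABLE transactions ENABLE ROW LEVEL SECURITY;
  ALTER TABLE transactions FORCE ROW LEVEL SECURITY;
  CREATE POLICY user_isolation ON transactions
    USING ("userId" = current_setting('app.user_id', true));
`;

// Minimal shape of a transactional client. Prisma's interactive transaction
// client exposes $executeRawUnsafe(sql, ...values); it is not imported here so
// the example runs without a database.
interface TxClient {
  $executeRawUnsafe(sql: string, ...values: unknown[]): Promise<number>;
}
interface Db {
  $transaction<T>(fn: (tx: TxClient) => Promise<T>): Promise<T>;
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Every read or write runs inside one transaction whose first statement pins
// the caller's userId. set_config(..., true) makes the value transaction-local,
// so it cannot leak to the next request that reuses the same pooled connection.
async function withUserContext<T>(
  db: Db,
  userId: string,
  fn: (tx: TxClient) => Promise<T>,
): Promise<T> {
  if (!UUID_RE.test(userId)) throw new Error("userId must be a UUID");
  return db.$transaction(async (tx) => {
    // The id travels as a bind parameter, never interpolated into the SQL.
    await tx.$executeRawUnsafe("SELECT set_config('app.user_id', $1, true)", userId);
    return fn(tx);
  });
}

// Helper for callers that need a fresh, well-formed user id (e.g. sign-up).
function newUserId(): string {
  return randomUUID();
}
```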

06

Secure development

Security controls live inside our engineering workflow, not alongside it.

  • Private Git repository. Secrets excluded via .gitignore. Main branch protected: required reviews, required status checks, no direct pushes.
  • npm audit runs on every pull request and weekly against main. A PR cannot merge if any high- or critical-severity advisory is surfaced.
  • Dependabot opens grouped weekly PRs for minor/patch updates across all three workspaces, and immediate individual PRs for any security-severity advisory.
  • All MCP tool inputs are validated with Zod schemas. User input is processed by the agent framework, never executed as code. SQL injection is prevented by Prisma parameterized queries.
  • Twilio webhook requests are validated via HMAC signature before any business logic runs. Setup tokens use 192 bits of cryptographic entropy, are single-use, and expire in 24 hours.
  • Critical patches within 24 hours of disclosure; high-severity within 7 days. See the Vulnerability Management Policy for the full SLA table.
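
The webhook and setup-token controls in the two bullets above, as an added example that is not Ajeris code. The signature scheme is Twilio's documented one (HMAC-SHA1 over the full URL plus the alphabetically sorted POST parameters, base64-encoded, sent as X-Twilio-Signature); the token helper names, the base64url encoding and the in-memory token record are assumptions.

```typescript
// Added example, not Ajeris code. Token helper names and storage are assumed.
import { createHmac, timingSafeEqual, randomBytes } from "node:crypto";

type Params = Record<string, string>;

// Twilio's documented canonical form: the full request URL (scheme through
// query string) followed by each POST parameter as key+value, sorted by key,
// with no delimiters.
function twilioCanonicalString(url: string, params: Params): string {
  return url + Object.keys(params).sort().map((k) => k + params[k]).join("");
}

function computeTwilioSignature(authToken: string, url: string, params: Params): string {
  return createHmac("sha1", authToken).update(twilioCanonicalString(url, params)).digest("base64");
}

// Constant-time comparison, so a forged header cannot be matched byte by byte
// through timing. Call this before any business logic touches the request.
function validateTwilioSignature(authToken: string, url: string, params: Params, header: string): boolean {
  const expected = Buffer.from(computeTwilioSignature(authToken, url, params));
  const given = Buffer.from(header);
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// Setup tokens: 24 random bytes = 192 bits of entropy, base64url so they are
// safe inside an SMS link, single use, expiring 24 hours after issue.
const SETUP_TOKEN_TTL_MS = 24 * 60 * 60 * 1000;
interface SetupToken { value: string; expiresAt: number; used: boolean }

function issueSetupToken(now: number = Date.now()): SetupToken {
  return { value: randomBytes(24).toString("base64url"), expiresAt: now + SETUP_TOKEN_TTL_MS, used: false };
}

// Accepts the presented value only if the token is unexpired and unused, and
// burns it on success so a replayed link fails.
function redeemSetupToken(token: SetupToken, presented: string, now: number = Date.now()): boolean {
  if (token.used || now > token.expiresAt) return false;
  const a = Buffer.from(token.value);
  const b = Buffer.from(presented);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return false;
  token.used = true;
  return true;
}
```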

07

Infrastructure security

Hosting, networking, and monitoring.

  • Hosting: Railway, a SOC 2 Type II certified platform. Each user agent runs in an isolated container. No shared state between containers except the central database (with RLS).
  • Network: encrypted channels (TLS 1.2+) for all service-to-service traffic. Database connections use SSL. External webhooks (Twilio, Alexa) validated by signature before processing.
  • Monitoring: structured logging with Winston, per-user usage tracking, scheduled health checks via the heartbeat scheduler.

08

Incident response

When something goes wrong, we move fast and we tell you what happened.

  • Detect: structured logs and anomaly monitoring across authentication failures, API errors, and unusual usage patterns.
  • Identify: determine scope and nature within 4 hours of detection during business hours.
  • Contain: isolate affected systems. Revoke compromised credentials. Disable affected accounts.
  • Eradicate: remove root cause. Patch. Rotate keys.
  • Recover: restore operations and verify integrity end-to-end.
  • Notify: inform affected users within 72 hours when personal data is compromised.
  • Review: document the lessons and update this policy.

Report security concerns to hi@ajeris.com.

09

Data retention and deletion

You own your data. We retain it only as long as it serves you, and we delete it when you ask.

  • Active accounts: financial data (balances, transactions) retained while your account is active.
  • User deletion: all user data is cascade-deleted from the database (onDelete: Cascade on every user-scoped model). Plaid tokens revoked via the Plaid API.
  • Backups: hosting provider retention schedule. Purged within 90 days of account deletion.
  • At any time: ask your agent to disconnect accounts or delete everything. "Forget me" is a first-class command.

10

Privacy commitments

What we do not do with your data.

  • Consumer data is never sold to third parties.
  • Consumer data is never used to train AI models outside your account.
  • Consumer data is never shared with advertisers.
  • Data sharing is limited to what the service requires (Plaid for account data, Twilio for SMS, Anthropic for agent inference).

See our full privacy policy for consumer-facing details and your rights.

11

Compliance posture

Regulations we operate under, and how.

  • FCRA: consumer credit data is accessed only with written consumer consent under the permissible-purpose framework of Section 604(a)(2). Consumers can dispute information through the agent.
  • FDCPA: any creditor communications (debt validation letters, pay-for-delete letters) comply with FDCPA requirements. No harassment, deception, or unfair practices.
  • CROA: Ajeris is positioned as a consumer DIY tool, not a credit repair organization. No advance fees for credit repair services.

12

Policy review

This policy is reviewed:

  • Annually at minimum
  • Upon any significant infrastructure change
  • Upon any security incident
  • Before onboarding new third-party data providers

Next scheduled review: April 2027.

13

Contact

Security concerns or compliance questions: email us at hi@ajeris.com. Target initial response time: 4 hours during business hours.