Our approach
Security at Autogenic is built into delivery workflows, not added after the fact. Our information security program governs how data is stored, accessed, transmitted, and retired across every stage of the service lifecycle.
This page describes the controls we maintain. For questions about our security posture or to request additional documentation, contact us at compliance@autogenic.ai.
Data in transit and at rest
All data transmitted between Autogenic systems and customer environments is encrypted using TLS. Data stored within Autogenic infrastructure is encrypted at rest using AES-256 or an equivalent standard.
Access control
Access to Autogenic systems and customer data is governed by role-based access controls. Access is granted on a least-privilege basis and reviewed regularly. Multi-factor authentication is required for all internal system access.
- Role-based access controls across all internal systems
- Multi-factor authentication enforced for all staff accounts
- Access reviews conducted on a defined cadence
- Privileged access logged and audited separately
- Offboarding procedures remove access within 24 hours of departure
Monitoring and logging
System access and activity are logged continuously. Logs are retained for a defined period and reviewed for anomalous activity. Automated alerting is configured for access outside normal parameters.
- Centralized logging across all production systems
- Automated alerting for access anomalies and threshold breaches
- Log integrity controls to prevent tampering
- Security events reviewed by responsible staff on a regular cadence
Vulnerability management
Autogenic maintains an ongoing vulnerability management program that includes regular automated scanning, periodic third-party penetration testing, and a defined remediation process for identified issues.
- Automated vulnerability scanning on a regular schedule
- Third-party penetration testing conducted periodically
- Critical and high-severity findings remediated on a defined SLA
- Dependency and software supply chain monitoring in place
Availability and resilience
Autogenic maintains business continuity and disaster recovery plans designed to ensure service availability and data integrity in the event of an incident.
Incident response
Autogenic maintains a formal incident response plan covering detection, containment, investigation, notification, and post-incident review. In the event of a confirmed security incident affecting customer data:
- Affected customers will be notified within 24 hours of confirmation
- Incident details, scope, and remediation steps will be communicated promptly
- A post-incident review will be conducted and findings documented
Personnel and training
All Autogenic staff with access to production systems or customer data are subject to confidentiality agreements and complete security awareness training as part of onboarding and on a recurring basis. Access is scoped to the minimum required to perform each role.
Subprocessors and third parties
Where Autogenic engages third-party vendors with access to production systems or customer data, those vendors are subject to security and confidentiality requirements consistent with our own program. Vendor relationships are reviewed periodically.
Data scope
Autogenic's services involve structured factual metadata about public businesses and entities. Our security controls are designed accordingly.
Contact
For security inquiries, incident reports, or requests for additional security documentation, please contact: