Security Compliance

Last Updated: April 10, 2025

At aimproved.com ("Company"), we are committed to safeguarding the personal and sensitive data entrusted to us. Our Data Security Policy outlines the measures we take to protect data, ensuring its confidentiality, integrity, and availability. This policy applies to all employees, contractors, suppliers, and partners involved in processing or accessing data on behalf of the Company.

1. Data Protection Principles

We are dedicated to the following principles to protect all data:

  • Confidentiality: Ensuring that data is only accessible to authorized individuals.

  • Integrity: Ensuring that data is accurate, complete, and trustworthy.

  • Availability: Ensuring that data is accessible when required by authorized users.

  • Accountability: Ensuring that there are clear responsibilities for data protection.

2. Data Classification

Data must be classified based on its sensitivity and importance to the Company. The classification determines how the data will be handled, protected, and disposed of. All data should be classified as:

  • Public: Information intended for public disclosure.

  • Internal: Information that is not confidential but is intended for internal use only.

  • Confidential: Sensitive information that must be protected due to legal, contractual, or privacy obligations.

  • Highly Confidential: Information requiring the highest level of protection due to its critical nature.

3. Data Access Control

We implement strict controls on who can access data. Access is granted based on:

  • Need-to-know basis: Only authorized individuals are allowed access to specific data necessary for their job roles.

  • Role-based access control (RBAC): Access levels are assigned based on job roles and responsibilities.

  • Authentication and authorization: Secure login methods (e.g., passwords, multi-factor authentication) are required to access data.

4. Data Encryption

We ensure that sensitive data is protected using encryption during transmission and at rest. This includes:

  • Encryption in Transit: Data transmitted over networks is encrypted to prevent unauthorized access during transmission.

  • Encryption at Rest: Sensitive data stored on systems or devices is encrypted to ensure its protection in case of unauthorized access.

5. Data Minimization

We follow the principle of data minimization, which means collecting only the minimum amount of personal or sensitive data necessary for legitimate business purposes. We avoid excessive or unnecessary data collection.

6. Data Retention and Disposal

Data will be retained only for as long as necessary to fulfill its purpose. When data is no longer needed, we ensure that it is securely disposed of or anonymized, including:

  • Secure Deletion: All data must be deleted using secure methods to ensure that it cannot be reconstructed or retrieved.

  • Data Anonymization: When appropriate, data may be anonymized to ensure privacy while still enabling useful analysis.

7. Security Incident Response

We have a comprehensive security incident response plan in place to detect, respond to, and recover from data breaches or security incidents. The plan includes:

  • Incident Detection: Continuous monitoring for potential security breaches.

  • Incident Notification: Prompt notification to affected individuals and regulatory bodies in accordance with legal requirements.

  • Incident Resolution: Swift corrective actions to contain and resolve the breach.

8. Third-Party Data Security

We require that third-party vendors, contractors, and partners who handle or access our data comply with our data security standards. This includes:

  • Due Diligence: Vetting third parties for their ability to meet our data protection requirements.

  • Contractual Obligations: Ensuring third parties have appropriate data protection clauses in their contracts.

  • Audits and Assessments: Regular monitoring and auditing of third-party practices to ensure compliance with our data security standards.

9. Employee Training and Awareness

We ensure that all employees receive regular training on data security best practices, including:

  • Security Awareness: Educating employees on potential data security threats such as phishing, malware, and social engineering.

  • Data Handling Procedures: Training employees on how to handle, store, and dispose of data securely.

10. Compliance with Legal and Regulatory Requirements

We adhere to all applicable data protection laws and regulations, including:

  • General Data Protection Regulation (GDPR) for individuals in the EU.

  • California Consumer Privacy Act (CCPA) for individuals in California.

  • Any other relevant local, regional, or international data protection laws.

11. Monitoring and Auditing

We regularly monitor and audit our data security practices to identify and address potential vulnerabilities. This includes:

  • Vulnerability Scanning: Routine scans to detect security weaknesses.

  • Audit Trails: Maintaining logs of data access and usage for accountability and transparency.

12. Data Security Violations

We take violations of our data security policies seriously and will take appropriate actions, including:

  • Disciplinary Measures: Employees found violating data security policies may face disciplinary actions.

  • Corrective Actions: Any identified security gaps will be addressed promptly to mitigate risks and prevent future incidents.

13. Contact Information

For questions, concerns, or reports related to data security, please contact the Company’s Data Security Department at security@aimproved.com.

Secure and Compliant Data Collection for AI

Last Updated: April 10, 2025

Aimproved is a leader in delivering end-to-end, secure data collection solutions explicitly designed to uphold the highest standards of data privacy, security, and regulatory compliance. Our infrastructure and methodologies ensure that AI and ML datasets are acquired with uncompromising confidentiality, transparency, and governance, empowering clients to confidently develop AI systems grounded in ethically sourced, compliant, and protected data.

Security-Centric Data Collection Framework

Our data collection operations are built on a foundation of security-first principles, designed to protect sensitive contributor information and maintain dataset integrity across every phase:

  • Encrypted Data Capture: All data is captured using platforms with built-in AES-256 encryption at rest and TLS 1.2+ protocols in transit, ensuring confidentiality from point of capture through transfer and storage.

  • Secure Remote Collection: Our mobile and web-based platforms incorporate advanced authentication, secure session management, and encrypted data channels to prevent unauthorized access or data leakage during crowdsourced or remote collection initiatives.

  • Naturalistic Collection with Privacy-by-Design: When collecting real-world “in-the-wild” data, we embed privacy-enhancing technologies, ensuring informed consent is captured dynamically, data is anonymized where necessary, and environment validation mitigates inadvertent data exposure.

Rigorous Privacy Compliance & Governance

Aimproved’s data governance framework is meticulously aligned with global regulatory standards and ethical best practices, providing clients with complete confidence in data privacy and legal adherence:

  • Full GDPR & CCPA Compliance: Every stage of our data lifecycle adheres to the strictest requirements, including lawful processing grounds, data minimization, purpose limitation, and data subject rights facilitation (access, correction, deletion).

  • Dynamic Consent Management: Our consent workflows ensure explicit, granular opt-in consent is captured transparently. Contributors can withdraw consent or request data deletion easily, with automated processes ensuring prompt action in accordance with legal obligations.

  • Privacy Impact Assessments (PIA): All projects undergo thorough risk assessments to identify and mitigate potential privacy risks, ensuring adherence to privacy-by-design principles throughout data collection operations.

Enterprise-Grade Data Security Controls

Our operational security controls are designed to protect data confidentiality, integrity, and availability at scale:

  • ISO/IEC 27001 Certified Infrastructure: Hosting environments meet internationally recognized standards for information security management, featuring continuous monitoring, incident response protocols, and disaster recovery capabilities.

  • Role-Based Access Control (RBAC): Strict enforcement of the principle of least privilege governs all user and system access, minimizing exposure of sensitive data to only those with a justified operational need.

  • Comprehensive Audit Trails: Immutable logging and regular access reviews provide complete transparency and accountability for all data access and modification activities.

  • Secure Data Retention & Disposal: Data retention policies are rigorously enforced, with secure, verifiable data deletion mechanisms to prevent unauthorized data persistence.

Ethical and Transparent Contributor Engagement

Aimproved’s contributor sourcing and management prioritize ethical practices and data subject empowerment:

  • Transparent Communication: Contributors receive clear, comprehensive information regarding data usage, retention, and rights prior to participation.

  • Voluntary and Revocable Participation: Participation is strictly voluntary with simple, user-friendly processes enabling contributors to withdraw consent or request removal of their data at any point.

  • Fair Compensation with Compliance: Payment practices comply with local regulations and privacy norms, ensuring ethical contributor relationships without compromising confidentiality.

Quality Assurance with Security in Mind

Our annotation and quality control pipelines incorporate secure handling and privacy safeguards:

  • Access-Restricted Annotation Environment: Annotation platforms are isolated environments with secure authentication, ensuring only authorized annotators and reviewers can access sensitive datasets.

  • Human-in-the-Loop with Privacy Safeguards: Continuous human oversight is balanced with privacy controls, including anonymization protocols and strict data usage policies for annotators and QA personnel.

  • AI-Driven Data Masking and Anomaly Detection: Automated tools help identify potential privacy breaches or data inconsistencies early, triggering escalation and remediation workflows.

Contact & Data Subject Rights Management

Aimproved is fully committed to respecting and facilitating data subject rights with dedicated support channels:

  • Data Access & Deletion Requests: Contributors can easily submit requests through our secure portal or contact dpo@aimproved.com, with guaranteed response and fulfillment in accordance with regulatory timelines.

  • Dedicated Privacy Team: Our in-house privacy and compliance specialists oversee all data protection activities, ensuring proactive compliance and rapid incident response.

Our Commitment: Enabling AI Innovation Through Trusted, Privacy-First Data Collection

Aimproved stands at the forefront of secure and privacy-conscious data collection, delivering AI-ready datasets that meet or exceed the highest global data protection standards. We empower organizations to confidently develop and deploy AI solutions anchored in ethically sourced, rigorously secured, and fully compliant data pipelines - ensuring trust and integrity from contributor to model.
