Security
We're an early-stage company and we're honest about where we are. We don't have SOC 2 certification yet. What we do have are sensible, documented controls and a commitment to being transparent about how your data is handled.
Encryption in transit and at rest
All data is transmitted over HTTPS using TLS 1.2 or higher. Data stored in our systems is encrypted at rest using AES-256.
EU-based hosting
AITicketFlow is hosted on infrastructure located within the European Union. Your data does not leave the EU/EEA as part of standard service operation.
Access controls
Internal access to production systems and customer data is restricted by role. We follow the principle of least privilege — team members only access data necessary for their function.
AI subprocessor disclosure
Ticket content may be processed by third-party LLM APIs to perform routing and classification. These providers are bound by data processing agreements. Content is not used to train foundation models. Full details are in our Terms of Service.
GDPR compliance
YACOSMART LTD is subject to UK GDPR and processes personal data in accordance with our Privacy Policy. A Data Processing Agreement (DPA) is available on request for customers who require one.
Incident response
In the event of a confirmed security incident affecting customer data, we will notify affected customers without undue delay and in accordance with our obligations under UK GDPR. To report a security concern, email support@aiticketflow.com.
Have a security question or want to request a DPA? Email us at support@aiticketflow.com.