Security

Security at Aqaris

Your property data is sensitive. Here is exactly how we protect it.

UAE data residency

All customer data is stored on AWS in the UAE region (me-central-1). Your property, tenant, and financial data never leaves the UAE by default.

Encryption everywhere

Data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database backups are encrypted and stored in the same UAE region.

SOC 2 in progress

We are currently pursuing SOC 2 Type II and ISO 27001 certification. Enterprise customers on the Premium plan receive audit reports upon request.

Infrastructure security

Aqaris runs on Amazon Web Services (AWS) in the me-central-1 (UAE) region. We use managed services with automatic patching, private networking (VPC), and least-privilege IAM policies. Production infrastructure is isolated from staging and development environments.

Access control

All access to production systems requires multi-factor authentication (MFA). Role-based access controls (RBAC) ensure staff can only access systems required for their role. Access is reviewed quarterly and revoked immediately upon off-boarding. Customer data is logically isolated by tenant — no customer can access another customer's data.

Application security

We follow OWASP secure development guidelines. Code changes are reviewed before deployment. We run automated vulnerability scanning as part of our CI/CD pipeline. Dependency updates are monitored and applied on a regular cadence.

Payment security

Aqaris does not store raw card numbers. Payment processing is handled by PCI DSS-certified gateways (Telr, PayTabs, Noqodi, Stripe). Aqaris operates as a merchant of record or pass-through depending on your plan and gateway configuration.

Business continuity

We maintain automated daily backups with point-in-time recovery. Our recovery time objective (RTO) target is 4 hours and our recovery point objective (RPO) is 1 hour. Disaster recovery is tested at least annually.

Incident response

We maintain a documented incident response plan. In the event of a data breach that affects your organisation, we will notify you within 72 hours of becoming aware of the incident, in line with applicable regulations.

Responsible disclosure

If you discover a security vulnerability in Aqaris, we ask that you report it to us responsibly before public disclosure. Please email security@aqaris.com with details of the vulnerability. We will acknowledge receipt within 2 business days and work with you to resolve the issue.

We do not pursue legal action against good-faith security researchers who follow this policy.

Questions

For security-related questions not covered here, contact security@aqaris.com. For privacy-related questions, see our Privacy Policy.