Security
Last updated:
Please read the Security statement below. The Keep Good Company® LLC is committed to the protection of personal and sensitive information. Security is enforced at every layer of the platform — infrastructure, application, and operational practice. Last security assessment: March 2026.
INFRASTRUCTURE SECURITY
AIREPORT is hosted on infrastructure that maintains independent compliance certifications and provides defense at the network level.
SOC 2 Type II compliant infrastructure
PCI DSS Level 1 compliant payment processing
TLS 1.2/1.3 encryption for all data in transit
AES-256 encryption for data at rest
DDoS mitigation and web application firewall
Automated bot detection and filtering
Content Security Policy, enforced HTTPS-only connections, and comprehensive security headers
DATA PROTECTION
Your portfolio data is never accessible to other users
Your data is used only for your account — never for analytics, training, or third-party purposes
AI-powered features operate under zero-data-retention agreements with service providers
Your portfolio data is never stored by AI service providers or used for model training
Restricted access controls on sensitive data
AUTHENTICATION & IDENTITY
Secure session tokens with cryptographic signing
Secure HTTP-only session cookies
OAuth 2.0 authentication (Google, Apple) — shares only your name and email address
No passwords are stored by AIREPORT for OAuth accounts
Rate limiting on authentication endpoints
Automatic session expiration
PAYMENT SECURITY
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. No payment card data is stored on our servers. All payment events are cryptographically verified before processing.
PRIVACY & COMPLIANCE
GDPR compliant (European Union)
CCPA compliant (California)
Personal data collected includes account information, portfolio data, and usage analytics
Right to access, correct, and delete personal data
No sale of user data to third parties
Data stored in the United States
Regular security assessments
THIRD-PARTY SERVICE PROVIDERS
The Keep Good Company LLC partners with service providers that maintain independent security certifications.
Supabase (SOC 2 Type II) — database and authentication infrastructure
Stripe (PCI DSS Level 1) — payment processing
Proton (ISO/IEC 27001) — encrypted email and file storage
Apple iCloud (ISO/IEC 27001, 27018) — distributed application services
Notion (SOC 2 Type II) — internal operations
DATA RETENTION & MANAGEMENT
Data is retained for a minimum of one year. The following practices are implemented:
Access Controls: Only authorized personnel may access user data, on a need-to-know basis.
Secure Deletion: When data is no longer needed, it is securely deleted within the respective service environment.
CONTACT INFORMATION
To report a security concern and for questions about security, please email care@keepgood.co.
Security
Last updated:
Please read the Security statement below. The Keep Good Company® LLC is committed to the protection of personal and sensitive information. Security is enforced at every layer of the platform — infrastructure, application, and operational practice. Last security assessment: March 2026.
INFRASTRUCTURE SECURITY
AIREPORT is hosted on infrastructure that maintains independent compliance certifications and provides defense at the network level.
SOC 2 Type II compliant infrastructure
PCI DSS Level 1 compliant payment processing
TLS 1.2/1.3 encryption for all data in transit
AES-256 encryption for data at rest
DDoS mitigation and web application firewall
Automated bot detection and filtering
Content Security Policy, enforced HTTPS-only connections, and comprehensive security headers
DATA PROTECTION
Your portfolio data is never accessible to other users
Your data is used only for your account — never for analytics, training, or third-party purposes
AI-powered features operate under zero-data-retention agreements with service providers
Your portfolio data is never stored by AI service providers or used for model training
Restricted access controls on sensitive data
AUTHENTICATION & IDENTITY
Secure session tokens with cryptographic signing
Secure HTTP-only session cookies
OAuth 2.0 authentication (Google, Apple) — shares only your name and email address
No passwords are stored by AIREPORT for OAuth accounts
Rate limiting on authentication endpoints
Automatic session expiration
PAYMENT SECURITY
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. No payment card data is stored on our servers. All payment events are cryptographically verified before processing.
PRIVACY & COMPLIANCE
GDPR compliant (European Union)
CCPA compliant (California)
Personal data collected includes account information, portfolio data, and usage analytics
Right to access, correct, and delete personal data
No sale of user data to third parties
Data stored in the United States
Regular security assessments
THIRD-PARTY SERVICE PROVIDERS
The Keep Good Company LLC partners with service providers that maintain independent security certifications.
Supabase (SOC 2 Type II) — database and authentication infrastructure
Stripe (PCI DSS Level 1) — payment processing
Proton (ISO/IEC 27001) — encrypted email and file storage
Apple iCloud (ISO/IEC 27001, 27018) — distributed application services
Notion (SOC 2 Type II) — internal operations
DATA RETENTION & MANAGEMENT
Data is retained for a minimum of one year. The following practices are implemented:
Access Controls: Only authorized personnel may access user data, on a need-to-know basis.
Secure Deletion: When data is no longer needed, it is securely deleted within the respective service environment.
CONTACT INFORMATION
To report a security concern and for questions about security, please email care@keepgood.co.