Services Work Contact Start a project →
Security

Secure by keeping it simple.

The most secure data is the data you never collect. This page explains how we keep our footprint small and our defaults safe — honestly, without overselling.

Effective date: May 24, 2026 · Last updated: May 24, 2026

Contents

  1. Our approach to security
  2. Data in transit & at rest
  3. Infrastructure
  4. Access control
  5. Data minimization
  6. Application security
  7. Incident response
  8. Responsible disclosure
  9. Limitations
  10. Contact us

01 Our approach to security

At Applied AI Solutions, security starts with restraint. We believe the strongest control is to collect as little as possible and keep our attack surface small. Our public website is intentionally simple, and the small amount of information we do handle is treated carefully and by default.

We take reasonable, industry-standard measures to protect the Site and the limited data we hold. We are a small, new studio, and we are deliberately honest about that: we do not currently hold formal certifications such as SOC 2, ISO 27001, HIPAA, or PCI DSS. What follows is a truthful description of how we actually operate, not a list of badges.

02 Data in transit & at rest

Connections to our Site are encrypted using HTTPS/TLS, so traffic between your browser and our infrastructure is protected in transit. Email and the small amount of contact data we receive are stored within reputable providers that encrypt data at rest as part of their standard service.

We rely on established providers for transport and storage encryption rather than rolling our own, because mature, well-audited infrastructure is more trustworthy than a bespoke implementation.

03 Infrastructure

Our footprint is small and built on reputable, widely used services:

  • Static hosting on Cloudflare Pages — the Site is a static website, served and protected through Cloudflare's content-delivery network and security layer. A static site has no application server or database directly exposed to the public, which sharply reduces the ways it can be attacked.
  • Google Workspace for email — enquiries and correspondence are handled through Google Workspace, which provides enterprise-grade security for email.

We exercise reasonable due diligence in choosing vendors, favouring providers with strong, independently recognised security track records. You can see how these providers fit into our data handling in our Privacy Policy.

04 Access control

We apply the principle of least privilege: access to our accounts and the limited data we hold is restricted to those who genuinely need it. We enable multi-factor authentication (MFA) on the accounts that support it, use strong, unique credentials, and review access as our setup changes.

05 Data minimization

We collect as little personal information as we can. The only data we actively gather is what you choose to send us through the contact form — your name, email, optional company, a topic, and your message — plus standard technical logs. We do not run advertising networks, third-party trackers, or behavioural profiling.

Less data means less risk: there is simply less to lose, expose, or misuse. For the full picture of what we collect and how long we keep it, see our Privacy Policy.

06 Application security

Because the Site is static, its attack surface is minimal — there is no login, no user database, and no server-side application logic exposed to visitors. On top of that foundation we apply sensible defaults:

  • Security headers, including a Content Security Policy (CSP), to reduce the risk of injection and content-tampering attacks;
  • HTTPS enforced across the Site;
  • Dependency hygiene — we keep the small set of components the Site relies on current and apply patches promptly;
  • No unnecessary third-party scripts — we avoid loading external code we don't need, which keeps the surface area and supply-chain risk low.

07 Incident response

If we became aware of a security incident affecting personal information we hold, we would act to contain and investigate it, work with our infrastructure providers as needed, take reasonable steps to remediate, and notify affected individuals and any relevant authorities where required by law and within applicable timeframes. We would also review what happened and adjust our practices to reduce the chance of it recurring.

08 Responsible disclosure

We welcome good-faith reports from security researchers and anyone who notices a potential vulnerability in the Site. If you believe you have found a security issue, please email us at pwz1@appliedaisolutions.org with enough detail for us to reproduce and understand it.

We ask that you:

  • Give us a reasonable opportunity to investigate and address the issue before disclosing it publicly;
  • Avoid accessing, modifying, or deleting data that is not yours, and avoid any action that could degrade the Site for others;
  • Act in good faith and within the law.

We will acknowledge legitimate good-faith reports and work to resolve confirmed issues promptly. We do not currently operate a paid bug-bounty program, but we genuinely appreciate responsible reports.

09 Limitations

No system, and no organisation, can be perfectly secure. We take reasonable, industry-standard measures to protect the Site and the information we hold, but we cannot and do not guarantee absolute security. Security is an ongoing effort, and we continue to improve our practices as our studio grows and the threat landscape changes.

10 Contact us

For any security question, concern, or vulnerability report, contact us:

For how we handle the data behind these practices, see our Privacy Policy. For the terms governing use of the Site, see our Terms of Service.