1. Introduction
1.1 Purpose
This Information Security Policy outlines the comprehensive framework of principles, controls, and practices that Anyset Inc. (“Airtasks”) has implemented to protect the confidentiality, integrity, and availability of information. Our commitment is to safeguard the data entrusted to us by our customers and to ensure the resilience of our systems and services against evolving security threats. This policy provides a transparent overview of our security posture and our dedication to maintaining a secure environment for our customers, partners, and employees.
1.2 Scope
This policy applies to all information assets owned or managed by Airtasks, including customer data, intellectual property, and corporate information. It governs the entire Anyset ecosystem, encompassing all products and services operated by the company, such as Specs, Docs, Closeout, and the core Anyset platform. Adherence to this policy is mandatory for all Anyset employees, contractors, and third-party vendors who have access to our information systems.
1.3 Responsibilities
The protection of information is a shared responsibility at Airtasks. While the executive leadership team holds ultimate responsibility for the Information Security Program, every member of the Anyset team is accountable for upholding this policy within their respective roles. Specific responsibilities are defined and communicated to ensure a cohesive and security-conscious culture throughout the organization.
2. Governance
2.1 Security Program Ownership
Airtasks’ leadership is fundamentally committed to information security. The executive team is responsible for sponsoring, resourcing, and maintaining a comprehensive Information Security Program. This program is designed to be agile and responsive to the dynamic threat landscape, ensuring that our security measures remain effective and robust.
2.2 Policy Management
This Information Security Policy is a living document. It is subject to a formal review at least annually, or more frequently in response to significant changes in our operating environment, technological advancements, or emerging security threats. Updates are managed through a formal change control process to ensure consistency and clarity.
2.3 Security Awareness and Training
All Anyset employees are required to complete mandatory security awareness training upon hiring and on an ongoing annual basis. This training covers key security topics, including data handling, threat recognition, and incident reporting, to ensure our team remains our strongest defense.
3. Data Security
3.1 Data Classification
Anyset employs a data classification scheme to categorize information based on its level of sensitivity, criticality, and legal requirements. All data is classified into defined categories (e.g., Public, Internal, Confidential, Restricted), and each category has specific handling requirements to ensure appropriate levels of protection are applied.
3.2 Data Handling
We implement robust technical controls to protect data throughout its lifecycle. Customer data is encrypted in transit using industry-standard protocols such as Transport Layer Security (TLS 1.2 or higher). Data at rest is protected using advanced encryption standards, such as AES-256, leveraging the native encryption capabilities of the Google Cloud Platform (GCP) storage infrastructure.
3.3 Data Retention and Disposal
Our data retention policies are designed to meet both our customers’ needs and our legal and regulatory obligations. Data is retained for periods defined in our customer agreements and is securely disposed of at the end of its lifecycle using industry-accepted methods to prevent unauthorized access or recovery.
4. Access Control
4.1 User Access Management
Access to Airtasks’ information systems is governed by the principle of least privilege. This means that users are granted only the minimum level of access necessary to perform their job functions. A formal process is in place for requesting, approving, and revoking access, with periodic reviews to ensure ongoing appropriateness.
4.2 Authentication and Password Management
Anyset enforces strong authentication measures to protect against unauthorized access. This includes the enforcement of robust password policies, which mandate complexity, length, and regular rotation. We are actively progressing toward the mandatory adoption of Multi-Factor Authentication (MFA) across all critical systems.
4.3 Privileged Access
Access to systems with elevated privileges is restricted to a small number of authorized personnel. All privileged access is logged, monitored, and regularly reviewed to detect and investigate any anomalous activity, ensuring accountability and safeguarding our core infrastructure.
5. Network and Infrastructure Security
5.1 Cloud Hosting and Infrastructure
Our platform and services are built on the secure and scalable foundation of the Google Cloud Platform (GCP). We utilize the robust security features of GCP and leverage Google Kubernetes Engine (GKE) to manage our containerized applications.
5.2 Network Security Controls
Our network architecture is designed with security at its core. We employ network segmentation to isolate critical environments and utilize virtual private clouds (VPCs) and granular firewall rules to control traffic flow. This layered approach minimizes the attack surface and contains potential threats.
5.3 Encryption
All data transmitted between our users and services is encrypted using TLS. Customer data stored within our platform is encrypted at rest, ensuring that information remains confidential even in the event of a physical security breach.
6. Application Security
6.1 Secure Development Practices
Security is integrated into every phase of our Software Development Lifecycle (SDLC). Engineering teams follow secure coding best practices, and all code undergoes mandatory peer review. We conduct automated static and dynamic scans weekly to identify and address vulnerabilities.
6.2 Vulnerability Management
Anyset maintains a formal vulnerability management program to identify, assess, and remediate security weaknesses in a timely manner. Vulnerabilities are triaged by severity, and remediation is prioritized accordingly.
6.3 Third-Party Dependencies
We monitor third-party libraries and dependencies using automated tools to identify components with known vulnerabilities and update them proactively.
7. Incident Response
7.1 Incident Detection and Reporting
We employ a range of monitoring and logging tools to detect security incidents across infrastructure and applications. Clear reporting channels are available to all employees and external parties.
7.2 Incident Response Procedures
Anyset follows a defined Incident Response Plan outlining containment, investigation, eradication, and recovery procedures. The plan ensures minimal impact and timely communication with affected customers.
8. Business Continuity and Disaster Recovery
8.1 Backup Policy
Customer data is backed up hourly, encrypted, and stored in geographically diverse locations to ensure service resilience.
8.2 Disaster Recovery Testing
Anyset regularly tests its Disaster Recovery Plan to validate effectiveness and meet defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
9. Compliance and Legal
9.1 Data Privacy and Protection
Anyset complies with applicable data privacy laws, including the GDPR and CCPA. For more details, refer to our Privacy Policy.
9.2 Regulatory Compliance
We align our security practices with industry frameworks and are actively working toward certifications such as SOC 2 to validate our controls.
9.3 Customer Responsibilities
Security is a shared responsibility. Anyset secures its platform, while customers are responsible for managing user access and secure usage of platform features.
10. Continuous Improvement
10.1 Policy Review
This policy is reviewed and updated at least annually to ensure relevance and alignment with our commitment to security.
10.2 Security Program Maturity Roadmap
We maintain a roadmap of future improvements, including full MFA adoption and pursuing security certifications to enhance customer trust.
11. Contact Information
Email: contact@anyset.ai
Phone: +1 (437) 900-2214
Website: www.anyset.ai