Security | Aqivon

Security is core to how Aqivon is designed. This page summarizes our approach. If you have a specific security or compliance question, email hello@aqivon.com and we will route it to the right person.

Edge-first architecture

All AI inference in Aqivon runs on a local edge device on your network. Camera feeds, detection events, and recognition data stay on your premises. There is no cloud round-trip required for core functionality.

You retain ownership and control of:

Camera feeds
Detection events and metadata
Recognition data and identity records
Configuration, rules, and audit logs

W3Villa Technologies does not have access to this data unless you specifically enable a remote support feature in writing.

For most deployments, no video data leaves your network, detection events do not transit our infrastructure, and sensitive recognition data does not appear in any cloud system we operate. This is the architectural reason Aqivon works for environments where uploading video is not acceptable.

How we build Aqivon

Our engineering practices include:

Code review on every change before it is merged
Automated checks for known vulnerabilities in software dependencies
Access controls for development and build environments
Separate environments for development, staging, and customer deployments

Customer security responsibilities

Because Aqivon runs in your environment, parts of the security boundary are owned by you:

Network access to the edge device, including firewall rules
Camera access controls and credentials
User access to the dashboard, including password and account management
Physical access to the edge device

We can advise on these areas during deployment. We cannot enforce them remotely.

Reporting a security issue

If you believe you have found a security issue in Aqivon or this website, please email security@aqivon.com. Include enough detail for us to reproduce the issue. We aim to acknowledge reports within two business days.

We ask that you:

Give us a reasonable window to investigate and respond before disclosing publicly
Do not access, modify, or delete data that does not belong to you
Do not run automated scans against production systems without prior written agreement

Compliance

Compliance requirements vary by industry and region. If your organization needs to meet specific frameworks (SOC 2, HIPAA, ISO 27001, GDPR, or others), contact us so we can walk through what we currently support, what is in progress, and what would require custom work.

Contact General: hello@aqivon.com
Security disclosures: security@aqivon.com