Security practices.

Website

This site is static, served over HTTPS with HSTS, and collects no data on its own. There are no accounts, no passwords and no payment forms on this website, which removes whole categories of risk by design.

AeroReception

• Encryption in transit: calls, transcripts and CRM syncs move over encrypted connections (TLS).
• Vetted infrastructure: telephony and voice AI run on established commercial platforms with their own security programs; we configure them per client with unique credentials.
• Least privilege: each deployment gets only the access it needs: your calendar's booking scope and your CRM's contact and note scopes, nothing wider. Access is revocable by you at any time.
• Data separation: every client's call flows, recordings and transcripts are isolated to that client's configuration. No data is pooled across clients.
• No payment data on calls: AeroReception is configured never to ask callers for full card numbers, government IDs or passwords.

Consulting engagements

Client systems are accessed through accounts the client creates and controls, so access is revocable the moment an engagement ends. Credentials live in a password manager, never in documents or chat. Anything sensitive is shared over channels the client approves.

Honest limits

This is a founder-led practice, not an enterprise with a security department, and we don't claim certifications we don't hold. There are currently no third-party audit reports (such as SOC 2) to share. What you get instead is a small, accountable operation, conservative defaults and direct answers to security questions before you sign anything.

Reporting an issue

Found a vulnerability or something that looks wrong? Email jrmylzr25@gmail.com with the details. You'll get a reply within one business day, and good-faith reports are always welcome.