Security & Compliance

Edge-first data processing

AiRK systems are built to process data on-device — call audio, drone imagery, sensor streams — so less sensitive data has to leave your environment. The calling agent's speech recognition and synthesis run locally on the Jetson platform. Drone imagery is analysed on-board. AMR navigation decisions happen on the robot.

This is an architectural choice, not a marketing claim: keeping data on-device reduces exposure surface, simplifies compliance in sensitive industries, and eliminates cloud round-trip latency.

Encryption in transit & at rest

Data in transit is protected with modern TLS (1.2 minimum, 1.3 preferred). Data at rest is encrypted on-device and in any upstream storage.

[Specifics — confirm cipher suites, key management, and at-rest encryption implementation before publishing.]

Data protection across markets

AiRK operates across the UAE, India, and the USA — three markets with distinct data-protection frameworks. Our systems are designed around the requirements of each:

• UAE PDPL (Personal Data Protection Law): Designed around consent, data minimisation, and cross-border transfer obligations under the UAE PDPL.
• India DPDP Act (Digital Personal Data Protection Act): Designed around consent-based processing, purpose limitation, and Data Fiduciary obligations under the DPDP Act, 2023.
• US frameworks: Designed with awareness of applicable state and federal data-protection frameworks, including CCPA where relevant.

[Confirm your specific compliance status with legal counsel before making public representations.]

Telecom compliance — AI Calling Agent

The calling agent is designed to operate within the telemarketing and outbound communication rules of the markets we serve:

• UAE (TDRA): Designed around UAE Telecommunications and Digital Government Regulatory Authority requirements, including the Do Not Call Registry and consent obligations for outbound communication.
• India: Designed with awareness of TRAI DND (Do Not Disturb) regulations and consent requirements for commercial communication.
• USA: Designed with awareness of TCPA requirements and FTC/FCC rules for automated outbound calls.

[Verify per deployment, jurisdiction, and use case with legal and compliance counsel. Regulatory status is a customer responsibility.]

Aerial & robotics operational compliance

Drone operations are regulated by civil-aviation authorities in each market. AiRK supports customers in understanding and meeting applicable requirements — but regulatory approval is the customer's responsibility.

• US FAA: UAS operations under Part 107 and applicable waivers.
• India DGCA: UAS regulations under the Drone Rules, 2021, and applicable approvals.
• UAE GCAA: UAS operations under GCAA/CAAN regulations and applicable NOTAM procedures.

AMRs are deployed with operational-safety practices: zone demarcation, personnel awareness protocols, and speed governance. Specifics depend on the facility and jurisdiction.

[Not a substitute for regulatory approval. Verify requirements before any deployment. AiRK does not provide regulatory approvals.]

Access control & audit logging

Role-based access control governs who can configure, monitor, and report on AiRK systems. Audit logging records system actions for accountability and incident investigation.

[Detail specific RBAC model and log retention per implementation. Confirm before publishing.]

Vulnerability disclosure

If you discover a security vulnerability in an AiRK system or this website, please report it responsibly:

• Email: security@airkrobotics.com
• Security policy: /.well-known/security.txt

We aim to acknowledge security reports within 2 business days and to provide a substantive response within 10 business days. We do not pursue legal action against good-faith reporters.