Compliance & Frameworks

Last updated: 2026-06-24 · Operated by Aikey, Inc.
Quick reference for reviewers. This page maps how StrangerAIert's existing technical controls align with the regulations and security frameworks the service follows. Where a control is in place, the implementation reference is linked.

1. Applicable Regulations

Biometric notice. Face embeddings derived from your Ring camera footage are biometric data. Where the account owner has residents in states with biometric-specific laws — notably Illinois BIPA and Texas CUBI — those laws apply to the operator's use of StrangerAIert, in addition to the general consumer privacy laws above. StrangerAIert provides Notice and Consent at the point of camera enrollment (see Privacy Policy Section 3).

2. NIST Cybersecurity Framework (CSF) Alignment

StrangerAIert's controls are organized along the five NIST CSF functions. Each row references the concrete implementation.

CSF Function What it requires How StrangerAIert implements it
Identify in place Inventory of assets, data, and dependencies. Public storage and data-flow inventory at /architecture; sub-processor list at Privacy §9.
Protect in place Access control, data protection at rest and in transit, secure configuration. Encryption in transit (HTTPS with HSTS); cryptographic verification of inbound Ring webhooks; secure session cookies and standard browser security headers; encryption at rest on AWS cloud storage; Ring OAuth tokens kept server-side only; multi-tenant isolation enforced at the application layer.
Detect in place Continuous monitoring, detection of anomalous activity. AWS-level activity logged at the account level; an application audit trail records security-relevant events (login attempts, administrative actions); web server access and error logs; system journal.
Respond in place Response planning, communications, mitigation, improvement. Documented incident response posture and contact in our Privacy Policy; affected-user notification via email and in-app banner upon a confirmed personal-data incident.
Recover in place Recovery planning, communications, improvements. AWS S3 cross-Availability-Zone durability for camera clips; a secondary S3 bucket holds redundant copies.

3. AWS Well-Architected Framework — Security Pillar

The Security Pillar's six design areas mapped to our implementation.

Design Area How StrangerAIert applies it
Security Foundations Operations run in AWS under the principle of least privilege; administrative access is separated from runtime application access.
Identity & Access Management End users authenticate via password (stored as a salted one-way hash) and Ring OAuth for Ring access. Administrative authentication is separated. Sessions are server-side and protected by secure cookies.
Detection AWS-level activity is logged at the account level. An application audit trail records security-relevant events. Web server and system logs are retained per their rotation policies.
Infrastructure Protection HTTPS-only access with HSTS; standard browser security headers; network access controls restrict the application instance to expected traffic; the application is reachable only through the reverse proxy.
Data Protection Encryption at rest on AWS cloud storage; salted password hashing; Ring OAuth tokens kept server-side only; retention policies enforce automatic deletion of Ring-derived data after 90 days (Privacy §10).
Incident Response Documented response posture in our Privacy Policy; user notification channel (email + in-app banner); audit trail enables reconstruction of access events.

4. Cross-references