Last updated 1 July 2026
Your client and listing information matters. Every claim on this page is true of how Airea is actually built today — we deliberately do not claim certifications we don't hold. Here's how Airea protects your data.
Every agent's data is separated at the database level using PostgreSQL row-level security, enforced for the application's restricted database role and tested so that no account can read or write another account's data. Isolation is enforced by the database itself, not just by application code.
Card payments go directly to Stripe (a PCI-DSS Level 1 provider) through their hosted checkout. Airea never sees or stores your card number — we hold only your subscription status and a Stripe reference.
All traffic is served over HTTPS/TLS via Cloudflare, which also provides network-level DDoS protection.
Your data is backed up daily and copied offsite, encrypted (AES-256), to Cloudflare R2 — and we've tested restoring from it.
Airea is hosted in New Zealand, which keeps your data onshore. Some global providers (Cloudflare, Stripe, Google, Microsoft) process limited data offshore to deliver their part of the service — see our subprocessors list.
Airea is built to align with the New Zealand Privacy Act 2020. See our privacy policy and subprocessors list. We do not sell your data or use your content to train external AI models.
Airea is a young product. We are transparent about where we are:
If your agency has specific security requirements, contact [email protected]— we're happy to share detail and complete reasonable security questionnaires.
Found a security issue? Please email [email protected]. We'll acknowledge and work with you to resolve it; please don't publicly disclose until it's fixed.