Trust and Safety

Security at AY Robots

We take the security of your data and robot operations seriously. Our comprehensive security program protects your information with industry-leading practices and technologies.

Our Security Commitment

At AY Robots, security is not just a feature, it is fundamental to everything we do. We understand that our customers trust us with sensitive data and critical robot operations, and we are committed to earning and maintaining that trust through rigorous security practices.

Our security program is designed around three core principles: defense in depth, continuous improvement, and transparency. We implement multiple layers of security controls, regularly assess and improve our security posture, and communicate openly about our security practices.

Security Features

Our platform is built with security at its core. Here are the key security features that protect your data and operations.

End-to-End Encryption
All data transmitted between operators, clients, and robots is encrypted using TLS 1.3 with AES-256-GCM encryption, ensuring your data remains private and secure during transmission.

Secure Cloud Infrastructure
Our platform runs on enterprise-grade infrastructure with SOC 2 Type II compliant cloud providers. Servers are located in EU data centers with strict physical security controls.

Advanced Access Control
Role-based access control (RBAC) ensures users only access authorized resources. Multi-factor authentication (MFA) is available and recommended for all accounts.

Comprehensive Monitoring
Real-time monitoring, logging, and alerting of all platform activities. Suspicious activity triggers immediate investigation and response by our security team.

Regular Security Audits
We conduct quarterly security assessments, annual penetration testing by third-party experts, and continuous automated vulnerability scanning of our systems.

GDPR Compliance
Full compliance with the General Data Protection Regulation (GDPR) and German data protection laws. Your privacy rights are respected and protected.

Data Encryption at Rest
All stored data is encrypted using AES-256 encryption. Encryption keys are managed through secure key management systems with regular rotation policies.

DDoS Protection
Enterprise-grade DDoS mitigation protects our platform from denial-of-service attacks, ensuring high availability even during attack attempts.

Security Practices

Our comprehensive security program encompasses technical controls, operational procedures, and access management to protect your data at every level.

Technical Controls

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Secure password hashing using bcrypt with salting
  • Web Application Firewall (WAF) protection
  • Automated vulnerability scanning and patching
  • Network segmentation and firewalls
  • Intrusion detection and prevention systems (IDS/IPS)
  • Container security and image scanning

Operational Security

  • All employee devices are encrypted and managed
  • Security awareness training for all team members
  • Background checks for employees with system access
  • Incident response plan with 24/7 on-call support
  • Regular backup and disaster recovery testing
  • Secure software development lifecycle (SDLC)
  • Code reviews and security testing for all changes
  • Third-party vendor security assessments

Access Management

  • Principle of least privilege access
  • Multi-factor authentication (MFA) for all administrative access
  • Regular access reviews and deprovisioning
  • Session timeout and automatic logout policies
  • Privileged access management (PAM) for sensitive systems
  • Audit logging for all access events
  • Just-in-time (JIT) access for elevated privileges
  • Segregation of duties for critical operations

Data Protection

We implement comprehensive technical and organizational measures to protect your personal data and robot operation data against unauthorized access, alteration, disclosure, or destruction.

Data at Rest

  • All data is encrypted using AES-256-GCM encryption
  • Encryption keys are managed through dedicated key management systems (KMS)
  • Regular key rotation policies are enforced (minimum every 90 days for sensitive data)
  • Database backups are encrypted and stored in geographically separate locations
  • Secure deletion procedures ensure data is unrecoverable when removed
  • Hardware security modules (HSMs) protect critical encryption keys

Data in Transit

  • TLS 1.3 encryption for all network communications
  • Secure WebSocket connections (WSS) for real-time teleoperation streams
  • Certificate pinning to prevent man-in-the-middle attacks
  • HTTPS enforced across all services with HSTS headers
  • Perfect forward secrecy (PFS) ensures past communications remain secure
  • Modern cipher suites only, with deprecated protocols disabled

Session Security

  • Secure session management with cryptographically random session tokens
  • Automatic session timeout after periods of inactivity
  • Session invalidation on logout and password change
  • Protection against session fixation and hijacking attacks
  • Real-time session monitoring for anomalous activity

Robot Communication Security

  • End-to-end encrypted channels between operators and robots
  • Mutual TLS (mTLS) authentication for robot connections
  • Secure command signing to prevent command injection
  • Network isolation for robot control traffic
  • Rate limiting to prevent abuse and ensure fair resource allocation

Compliance and Standards

We maintain compliance with relevant regulations and align our practices with industry-recognized security standards.

GDPR
General Data Protection Regulation

Full compliance with EU data protection requirements including data subject rights, lawful processing, data minimization, and breach notification procedures.

BDSG
German Federal Data Protection Act

Compliance with German national data protection legislation, including specific requirements for processing employee and customer data.

ISO 27001
Information Security Management

Our security practices are aligned with ISO 27001 standards. We are working toward formal certification to demonstrate our commitment to information security.

SOC 2
Service Organization Control

Our cloud infrastructure partners maintain SOC 2 Type II compliance. We implement controls aligned with SOC 2 trust service criteria.

Incident Response

Despite our best efforts, security incidents can occur. We maintain a comprehensive incident response program to detect, respond to, and recover from security events quickly and effectively.

Incident Response Process

  1. Detection and Identification: Continuous monitoring systems detect potential security incidents. Our security team is on-call 24/7 to respond to alerts.
  2. Containment: We immediately isolate affected systems to prevent further damage while preserving evidence for investigation.
  3. Investigation: Our security team conducts a thorough investigation to determine the scope, impact, and root cause of the incident.
  4. Eradication: We remove the threat and address the vulnerability that allowed the incident to occur.
  5. Recovery: Systems are restored to normal operation with enhanced monitoring to ensure the threat has been eliminated.
  6. Lessons Learned: We conduct a post-incident review to identify improvements and prevent similar incidents in the future.

Breach Notification

In the event of a data breach affecting your personal data, we will:

  • Notify the relevant supervisory authority within 72 hours as required by GDPR
  • Inform affected individuals without undue delay if there is a high risk to their rights
  • Provide clear information about the nature of the breach and steps taken
  • Offer guidance on actions individuals can take to protect themselves

Business Continuity

We maintain business continuity and disaster recovery plans to ensure service availability:

  • Geographically distributed infrastructure for redundancy
  • Regular backup testing and recovery drills
  • Defined recovery time objectives (RTO) and recovery point objectives (RPO)
  • Failover procedures for critical systems
  • Communication plans for notifying customers during incidents

Responsible Vulnerability Disclosure

We value the security research community and appreciate their efforts in helping us maintain a secure platform. If you discover a security vulnerability, we encourage you to report it responsibly.

How to Report a Vulnerability

Please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code (if applicable)
  • Your contact information for follow-up

Our Commitment to Researchers

Acknowledgment: We will acknowledge receipt of your report within 24 hours

Timeline: We will provide a resolution timeline within 5 business days

Communication: We will keep you informed of our progress

Safe Harbor: We will not pursue legal action against researchers who follow responsible disclosure practices

Report a Security Issue

If you discover a security vulnerability or have concerns about the security of our platform, please contact us immediately. We take all reports seriously and will investigate promptly.

Security Contact Information

For security-related questions, concerns, or to report a vulnerability, please contact our security team:

Security Team
AY Robots
Email: security@ay-robots.com

For general inquiries: info@ay-robots.com
For privacy-related inquiries: privacy@ay-robots.com

Last Security Review: December 2024
Next Scheduled Audit: Q1 2025