Security & Infrastructure

Last update February 12th, 2026

  1. 1. Independent Security Audit

    We don't just grade our own homework. Our platform’s architecture and codebase have been rigorously audited by an independent security firm.

    This ensures that our defenses are validated by third-party experts and meet modern security standards against emerging threats.

  2. 2. Infrastructure & Sovereignty

    We do not manage our own servers in a basement. Automate Engineer is deployed on Amazon Web Services (AWS), the industry leader in cloud infrastructure.

    • Compute: Our core application runs on AWS EC2 instances, benefiting from AWS’s ISO 27001, SOC 1, 2, & 3, and PCI DSS Level 1 certifications.
    • Storage: All generated reports, site assessments, and user artifacts are stored in AWS S3, designed for 99.999999999% (11 9s) of data durability.
    • Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 server-side encryption.

  3. 3. The Core Engine: Safety by Design

    Unlike traditional software built on legacy languages vulnerable to memory leaks and crashes, our core rendering engine is built in Rust.

    • Memory Safety: Rust’s strict compiler guarantees prevent entire classes of security vulnerabilities, such as buffer overflows and data races, ensuring that your reports are generated in a stable, isolated environment.
    • Zero Compromise: We achieve high-performance automated drafting without sacrificing the type-safety required for engineering accuracy.

  4. 4. Verified Data Sources

    Accuracy is a security feature. We never "scrape" or estimate critical environmental data.

    • Ordnance Survey: Mapping data is fetched directly via authenticated APIs from the Ordnance Survey, ensuring you are always looking at the latest authorized topology.
    • Government Data: Flood zones and environmental designations are sourced directly from DEFRA and official UK government datasets.

  5. 5. Payments & Compliance

    We focus on engineering, not banking.

    • Billing: Our payments and tax compliance are handled by Polar, a dedicated Merchant of Record.
    • Security: We do not access, store, or touch your credit card information. All transactions are PCI-compliant and processed securely external to our infrastructure.

  6. 6. Data Ownership

    Your IP is Yours. The reports, site redlines, and assessments you generate on Automate Engineer remain your intellectual property. We do not aggregate your client's specific site data for resale.