> ## Documentation Index
> Fetch the complete documentation index at: https://docs.airdun.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Airdun Security: Data Access, Encryption, and Permissions

> Airdun uses read-only Stripe access, never stores card data, and encrypts everything in transit and at rest on EU-based infrastructure.

Airdun requests only the Stripe permissions required to detect failures and execute retries. It does not touch or store raw card data, and every workspace is isolated. This page documents how data is accessed, protected, and controlled.

## Stripe access and recovery scope

Airdun connects to Stripe through a scoped OAuth integration with two distinct access levels:

* **Audit phase** — read-only access to your Stripe account. Airdun reads payment history, subscription data, and failure reasons to build your recovery plan. It cannot modify anything in your account at this stage.
* **Recovery phase** — actions are strictly limited to **payment retries**. Airdun cannot create charges, issue refunds, modify subscription plans, or access any other part of your Stripe account.

<Note>
  You can revoke Airdun's Stripe access at any time directly from your **Stripe Dashboard → Settings → Connect → Connected applications** — no need to contact Airdun support. Revoking access immediately stops all recovery actions.
</Note>

## Card data Airdun never stores

Airdun is not a card vault, and it is not designed to be one. The following data never leaves Stripe's systems:

* Full card numbers (PANs)
* CVCs / CVVs
* Full bank account numbers

All payment method data lives exclusively within Stripe. Airdun works with tokenised references and metadata only.

## Workspace isolation

Every Airdun account operates in a logically isolated workspace. Your payment data, customer records, and recovery activity are partitioned at the data layer — no other merchant can query, view, or interact with your workspace. Airdun employees access production data only under strict internal controls and for support purposes only.

## Role-based permissions

You control who on your team can do what inside Airdun.

| Role              | What they can do                                                                                            |
| ----------------- | ----------------------------------------------------------------------------------------------------------- |
| **Owner**         | Full access: billing, integrations, team management, all settings                                           |
| **Administrator** | Full operational access: recovery sequences, analytics, settings — excluding billing and ownership transfer |
| **Member**        | View and act on recovery cases; cannot change account settings or manage team members                       |

Invite team members from **Settings → Team** and assign the appropriate role. Roles can be changed or revoked at any time.

## Encryption

* **In transit** — all data between your browser, Airdun's services, and third-party providers is encrypted using TLS 1.2 or higher.
* **At rest** — all stored data is encrypted at the infrastructure level.
* **Credentials** — sensitive credentials (such as integration tokens) receive an additional layer of application-level encryption on top of the infrastructure-level encryption.

## Authentication

Airdun does not store your password. Authentication is fully delegated to a dedicated identity provider, which handles credential storage, hashing, and breach detection independently of Airdun's own systems. You can also enable multi-factor authentication (MFA) from your identity provider account settings.

## Infrastructure

Airdun is hosted entirely on **Google Cloud Platform in the EU (Paris region, `europe-west9`)**. No data is processed or stored outside the European Union except where explicitly described in the [Privacy Policy](/legal/privacy) for specific third-party processors that operate under Standard Contractual Clauses.

***

<CardGroup cols={2}>
  <Card title="Privacy Policy" icon="file-shield" href="/legal/privacy">
    Full details on what data Airdun processes, how long it is retained, and your rights as a data subject.
  </Card>

  <Card title="Stripe App Marketplace" icon="stripe" href="https://marketplace.stripe.com/apps/airdun">
    Review Airdun's integration listing and permission scope on the official Stripe App Marketplace.
  </Card>
</CardGroup>
