
Responsible Disclosure & Security Compliance

Operational details, security controls, responsible disclosure boundaries, and strict zero-card retention models.

1. Zero-Retention Card Security & PCI-DSS Scope

AIR ROOFERS SASU operates a strict zero-retention infrastructure. No cardholder data (primary account numbers, card names, expiration dates, CVV security codes) ever touches, transits, or resides on our local web servers.

All transaction credentials are directly entered into PCI-DSS Level 1 compliant secure frames managed by Stripe Payments Europe Ltd (Dublin, Ireland) and PayPal Europe S.à r.l. (Luxembourg). Our servers receive only secure, single-use token references after transaction authorization, completely mitigating high-risk vectors.

2. Corporate Data Encryption

All data transmissions across the airroofers.fr/?lang=fr network, pricing subdomains, and customer dashboards are encrypted in transit using Transport Layer Security (TLS 1.3). Entitlements generated by Mandatag are signed using cryptographically high-integrity algorithms, safeguarding enterprise hardware locks from unauthorized manipulation or duplication.

3. Security Vulnerability Disclosure Policy

We welcome reports from ethical security researchers. If you identify a potential security boundary variance in our front controller routing, portals, or sync daemons, please coordinate with our security operations team:

  • Email reports directly to: security@airroofers.eu.
  • Provide a clear narrative describing the vulnerable boundary and the exact sequence of steps to reproduce it.
  • Allow our engineering team up to 12 business hours to validate and patch the identified variance prior to public disclosure.
  • Prohibition Constraints: Do not execute DDoS actions, do not access other client files, and do not disrupt system availability.

🔒 Compliance Standard: All operations are subject to standard French cybersecurity directives, EU GDPR data processing directives, and OWASP ASVS industrial guidelines.