Trust at ANFA Meridian
Security, privacy, and compliance posture for the AAOT platform and ANFA Meridian services.
ANFA Meridian builds AAOT, an AI Avatar Outreach Technology used by businesses worldwide to run personalized B2B campaigns at scale. Trust is the foundation of that work. This page consolidates our security, privacy, and compliance posture, the documents we publish, the documents we sign on request, and the partners we rely on. It is intended for procurement teams, data protection officers, security reviewers, and anyone evaluating ANFA Meridian as a vendor.
Compliance
GDPR-aligned
EU General Data Protection Regulation. Lawful basis, data minimization, DSR workflows by design.
CCPA / CPRA
California Consumer Privacy Act. Right to know, delete, opt-out, and non-discrimination.
CAN-SPAM
US anti-spam legislation. Header identification, opt-out, sender accuracy.
SCC Aligned
Standard Contractual Clauses 2021/914 Module 2 for EU-to-US data transfers.
Cookie / ePrivacy
Compliant cookie banner and policy. Granular consent management.
NIST CSF v1.1
National Institute of Standards and Technology Cybersecurity Framework self-mapping.
CIS Controls v8 IG1
Center for Internet Security Critical Security Controls self-assessment.
OWASP Top 10 (2021)
Application security checklist applied across AAOT services.
Self-assessments and mappings are reviewed annually. Detailed assessment documents are available on request to qualified prospects under NDA.
Security
ANFA Meridian operates under a security-by-design posture. We continuously map our practices to recognized industry frameworks and publish a vulnerability disclosure program to encourage responsible reporting.
Network and infrastructure
- TLS 1.2 or higher enforced on all public endpoints.
- Production data encrypted at rest using AES-256.
- Cloudflare protection (DDoS mitigation, WAF rules) at the edge.
- SSL Labs A+ rating and Mozilla Observatory A+ rating maintained on anfameridian.com.
Application security
- OWASP Top 10 (2021) checklist applied to AAOT services (Video Sequencer, Video Generator, Website).
- Dependency scanning and quarterly review of API keys for all sub-processors.
- Self-mapped to NIST CSF v1.1 (Identify, Protect, Detect, Respond, Recover).
- CIS Controls v8 Implementation Group 1 (Essential Cyber Hygiene) self-assessment completed.
Operational security
- Multi-factor authentication (MFA) enforced on all administrative accounts.
- Role-based access control with the principle of least privilege.
- Confidentiality obligations and security awareness training for all personnel.
- Quarterly key rotation for sub-processor credentials.
Responsible disclosure
We operate a Vulnerability Disclosure Program. Security researchers are invited to report findings through our published policy.
See the Vulnerability Disclosure Policy and security.txt (RFC 9116).
Privacy and data
ANFA Meridian processes personal data under a transparent, documented, and lawful framework. We publish our Privacy Policy, Cookie Policy, and Terms of Service, and we sign a Data Processing Agreement on request with clients operating under GDPR, UK GDPR, or Swiss FADP.
Privacy Policy
Explains how ANFA Meridian collects, uses, discloses, and protects personal data. Covers GDPR, CCPA, and international data transfers.
Cookie Policy
Describes the cookies and similar technologies used on anfameridian.com, the purposes they serve, and how to control them.
Terms of Service
Sets out the legal framework governing the use of ANFA Meridian's services, including the AAOT platform. Includes our Client Warranties clause covering recipient consent and lawful data sourcing.
Sub-processors
ANFA Meridian relies on a curated set of sub-processors to deliver the AAOT platform. All sub-processors are bound by data protection obligations consistent with GDPR Article 28. We notify clients in advance of any addition or replacement of sub-processors.
| Sub-processor | Service | Location |
|---|---|---|
| Smartlead | Email outreach infrastructure | USA |
| Unipile | Multi-channel messaging (LinkedIn, WhatsApp, Instagram) | France |
| Twilio | WhatsApp media delivery | USA |
| HeyGen | AI avatar video generation | USA |
| Cloudflare R2 | Object storage for video assets | USA / global edge |
| OpenAI | Text personalization | USA |
| Railway | Application hosting and database | USA |
| Termly | Privacy compliance management | USA |
Updated list available upon request to legal@anfameridian.com. Notification of any change occurs at least 30 days in advance.
Memberships and certifications
ANFA Meridian holds the following affiliations that contribute to its professional standing and accountability.
Beverly Hills Chamber of Commerce
Active member of the Beverly Hills Chamber of Commerce, contributing to the Los Angeles business community since 2026.
Documents available on request
The following documents are available to qualified prospects and clients on request. Please contact legal@anfameridian.com to receive them.
- Data Processing Agreement (DPA) template — compliant with GDPR Article 28, Standard Contractual Clauses (Module 2), UK International Data Transfer Addendum, and Swiss FADP.
- Sub-processor list (current version, with date stamps).
- LinkedIn Compliance Statement — describing how AAOT operates on LinkedIn in compliance with LinkedIn's Terms of Service.
- NIST CSF v1.1 self-mapping document.
- CIS Controls v8 (IG1) self-assessment.
- OWASP Top 10 (2021) self-assessment.
- Security posture overview (compliance summary deck for RFP responses).
Contact
Different inquiries route to different channels. Please use the appropriate address below.
Privacy inquiries
For data subject requests (access, rectification, erasure, portability, objection) and general privacy questions.
privacy@anfameridian.com
Security inquiries
For vulnerability reports and security-related questions. See also our public security policy.
security@anfameridian.com
Legal and compliance
For Data Processing Agreement requests, contract questions, and compliance documentation.
legal@anfameridian.com
Last updated June 18, 2026. ANFA Meridian, 1818 Fairburn Avenue, Los Angeles, CA 90025, United States.