FAQ
Questions, answered in plain language.
If something here is unclear, mail team@air-tools.nl — a human replies.
General
Just got a security questionnaire — can you help?
That's exactly what Clair is for. A customer sends a questionnaire, an insurer asks for a posture summary — Clair drafts the answers from what she already knows about your business. You review and send. A questionnaire takes an hour instead of a week.
What is AIR-Tools?
A compliance assistant called Clair. She runs weekly scans of your stack, drafts the policies you need, and tells you the three things worth doing this week. Built for SMBs in regulated industries — GDPR, NIS2, DORA, ISO 27001.
Who is it for?
Owners and ops leads at companies with 10–250 people who deal with regulated data — healthcare, fintech, professional services, public-sector suppliers. Smart, busy, not compliance specialists.
Do I need technical knowledge?
No. Clair speaks in plain language and tells you what to do. If a step needs a developer or a lawyer, she says so.
GDPR & compliance
Is GDPR compliance affordable for an SMB?
Yes. AIR-Tools is built for SMBs without a dedicated security person. Clair replaces most of what a part-time DPO would cost. See the pricing page for what to expect; we'll quote you after a short call.
Do I need a DPO?
Most SMBs don't. Clair tells you when you do — based on the data you process and the rules that apply. If you do, she helps you find one.
Which frameworks are supported?
Today: GDPR, NIS2, ISO 27001 (Annex A), DORA. More on request — we add what customers actually need.
Data protection
Where is my data stored?
In the EU. Vercel for application hosting, Supabase for the database, both EU regions. Sub-processors are listed on the transparency page.
Do you sell or share my data?
No. Your organisational data is used to provide the service. We don't share it, sell it, or train models across customers.
Do you train AI models on my data?
No. Clair uses general-purpose language models to read regulations and write summaries. Your specific organisational data isn't used to train them.
Technical & data
Do I need to install anything?
No agents, no installs. Clair works from URLs and read-only API tokens you provide.
What happens if there's a data breach?
We have a documented incident response plan. If your data is affected, we notify you within the GDPR-required 72 hours and tell you exactly what was touched.
How does threat monitoring work?
Clair re-runs the scan weekly and on supplier changes. If she sees drift — a new public bucket, a lapsed policy, an expiring cert — she posts the next action.