At Avallone, we are committed to security.
SOC 2 Type 2 and Type 1 Certified, Avallone safeguards our customers' and end users' data as if it were our own.
We make our data management practices transparent, so every user of our platform is comfortable and confident that their data is protected.
Knowing that we’ve been entrusted with confidential, valuable data and in light of GDPR, we’ve set high standards for security and for our infrastructure team to protect your data.
We've attained our SOC 2 Type 2 and Type 1 certification - which has rigorous compliance requirements including audits - so our customers can be sure that sensitive information is always handled responsibly.
Regardless of where end-users are located, they can be assured that Avallone is dedicated to user data privacy and to meeting the legal obligations on how to treat EU citizens’ personal data.
Unless you provide the authorization, no company other than Avallone is allowed to access your information. Avallone has taken appropriate, industry best-practice measures to protect information from loss, misuse and unauthorized access, disclosure, alteration and destruction. In the event of any threats, we are prepared to detect them swiftly and respond immediately.
All customer data is always and exclusively hosted in Avallone’s ISO 27001 certified hosting center within Amazon Web Services (AWS), which is SOC compliant (with SOC 1, 2 and 3 certifications) and adheres to multiple other industry-specific security certifications and standards.
Specifically, our infrastructure with AWS is hosted in Frankfurt, Germany. This is designed to follow international security standards and regulations, while protecting confidentiality, data sovereignty, and data privacy regulations. This specific location was chosen both because it is in the EU and because we view Germany as an exemplary leader in the implementation of privacy and GDPR.
Advanced encryption technology is always applied to help secure data. With 256‑bit TLS/SSL encryption and 2048‑bit RSA public keys, Avallone encrypts all data at rest and all network traffic.
From our thorough recruitment process to our secure web application development training, Avallone aims to hire and retain a team of best-in-class engineers with demonstrated track records and superlative references. Our development team employs secure coding techniques and follows best practices.
Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Access to customer data is limited to only a few of our qualified engineers. With multiple restrictions in place to protect access to production servers, be assured that your data is safe.
To maintain a state-of-the-art infrastructure, Avallone constantly and rigorously reviews and implements emerging technology. Continuous monitoring of our security infrastructure includes measures such as regular vulnerability testing by third-party companies. Should any exposures be identified during penetration testing, our team swiftly remedies the issue according to severity.
As with other SaaS providers, the assistance of trusted third-party sub-processors is needed in the maintenance of our business and commitments to our customers. We limit these sub-processors to the essential, and should you wish to have this list, please contact us.
Avallone’s asset management policy includes identification, classification, retention and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software. Only company-issued devices are permitted to access corporate and production networks.
Avallone’s security incident response process covers the initial response, investigation, customer notification (no less than as required by applicable law), public communication, and remediation.
Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity. Avallone employs a backup strategy to ensure minimum downtime and data loss.
Have questions? Contact us if you’d like to report a security issue, at security-disclosure@avallone.io
Avallone follows standard EU data protection agreement best practices. For more information, please refer to our Privacy Policy below.
It’s important to know that in reference to Anti-Money Laundering, different countries have different regulations regarding data retention periods and rules that go beyond GDPR.
At Avallone, we don’t see GDPR as merely a legal obligation or just another compliance checkbox to tick. Our relationships with you - our customers - along with the trust you place in us, are all at the core of our business, and we never take that for granted. Avallone sees GDPR as an opportunity to demonstrate our commitment to protecting customer data and to support our customers in ensuring that they are GDPR compliant.
The General Data Protection Regulation (GDPR) took effect on May 25, 2018. It seeks to harmonize the approach to data protection matters across Europe by establishing a single set of pan-European rules. It replaced the Data Protection Directive, which had been law across the European Union for the past 20 years.
We’re deeply committed to you and the protection of your data. It’s in our DNA to hold the protection of our customers’ information and their users’ privacy as being of the utmost importance to us. Our data protection and privacy practices reflect our dedication to regulatory requirements.
When it comes to GDPR, Avallone is considered to be a processor for the data we collect from you, the controller. As a processor, Avallone ensures that any data - entrusted to us by data subjects within the European Union - will have:
We pride ourselves on the education we provide our employees regarding GDPR and security. New employees are taken through thorough training, and we regularly run workshops and programs at a cross-company level. Data is our business, so we make sure our employees understand and adhere to the best practices around treatment of data.
Have questions? Please contact us at privacy@avallone.io if you have any questions about our GDPR compliance.