Security at Alloy.ai
Security and correctness of customer data is paramount to us at Alloy.ai. We have embedded both correctness and data security aspects not only in the software development lifecycle processes at Alloy.ai, but also in company-wide processes. The purpose and the goal of our security processes are to ensure the prevention of data leakage & loss, maintain a highly available platform and to serve data at the highest possible quality.
Security Program Highlights
-
Network Security
Alloy.ai follows industry best practices for its network security. Network traffic is only allowed based on a need-to-know principle. All traffic goes through HTTPS and is encrypted. Alloy.ai has an A rating from Security Headers. Firewalls and intrusion detection systems are in place at the Google level as well as within the infrastructure managed by Alloy.ai.
-
Application Security
Alloy.ai regularly engages third-party security researchers to conduct penetration tests on a grey-box, risk-based and time-framed approach according to OWASP Application Security Verification Standard (ASVS). Single Sign-On is supported via SAML, allowing customers to enforce their corporate security best practices
-
Data Security & Privacy
Alloy.ai encrypts data at rest and in transit for all of our customers. Alloy.ai stores all customer data in Google Cloud Platform which is encrypted at rest by default. All data in transit and all requests to Alloy.ai services are encrypted with TLS 1.2. HTTPS is enforced via the Strict-Transport-Security header and by directing all traffic to TLS-secured endpoints. Alloy.ai has an A+ rating from SSL Labs. Alloy.ai is GDPR compliant, and only engages with data sub-processors who are also GDPR compliant.
Security Certifications & Compliance
Alloy.ai maintains a SOC2 Type II for Security
Alloy.ai prioritizes data protection, control and compliance with GDPR
Alloy.ai prioritizes data protection, control and compliance with CCPA