Aivo has successfully earned ISO 27001 certification, ensuring compliance with legal requirements and secure handling of information. Our infrastructure as a service is provided by Amazon Web Services (AWS aws.amazon.com/security)
Our production environment is completely separate from DEV, TEST and QA. Aivo doesn't use data from the production environment in other environments.
We have AWS IAM to manage separate and restricted AWS credentials for each of our environments. This limits the services available for each environment and divides them into compartments.
Thanks to strict role-based access control (RBAC), we avoid any type of incorrect access. We also use two-factor authentication for this kind of access.
To guarantee data protection, we use strict access controls along with robust encryption.
Aivo staff doesn't access or interact with customer data or applications as part of normal operations, unless requested or as required by law.
All of our customers’ data (whether stored or traveling over public networks) is encrypted using TLS 1.2 or higher. Implementing TLS establishes the use of strong, industry-approved encryption.
Databases are encrypted using the AES-256 algorithm.
Aivo has developed a high availability setup based on active-active clusters, supported by the use of multi zones, ensuring that each service is active in at least three computer centers simultaneously.
Database replication has also been implemented with a master-slave setup, each with automatic replication in a different zone. This deployment automatically provides and maintains synchronous standby replication within a different availability zone.
The entire solution is behind a load balancing cluster that handles distributing the workload among all the instances.
We offer our services through multi-tenant architecture. This means the application and infrastructure are shared among several customers.
To ensure the confidentiality, integrity and availability of customer information, our solution ensures that:
We are GDPR-compliant. We protect the personal data of customers and users thanks to specially designed technical, physical and administrative security measures.
We only use the collected information in accordance with this policy and for specifically stated reasons.
We guarantee the data protection rights of customers and users and provide a way to exercise them effectively.
If you have any concern, contact our Privacy Officer: Florencia Scarafía (firstname.lastname@example.org)
We have external providers that regularly analyze and monitor our apps and network to detect vulnerabilities. This helps us avoid potential security problems on our apps, servers and network layers. Assessments include:
We also perform regular static and dynamic code reviews.
Honoring our commitment to constantly improve cybersecurity, Aivo added SSO access to the platform. You can login to my.aivo.co through different protocols, such as SAML.
With a single point for login and credentials, productivity and user experience are enhanced. At the same time, it reinforces the company's security against the threats of modern digital life.
All system events are recorded in a central registry, with any unusual event marked for review.
All the user's actions are recorded in a secure access log, which recognizes the user's information, the time stamp, the IP address, etc. and the resources that are accessed. This information can then be retrieved quickly if a forensic investigation is needed.
We plan to always inform our customers about incidents related to their data security (as soon as it's safe and wise to do so), and we'll share any relevant information to allow customers to take any necessary steps on their end.
We're working non-stop to ensure our system is as secure as possible. If you have any questions, contact our security team at email@example.com