At Ally.io, we believe that security is at the heart of any best-in-class solution, which is why we back ourselves with robust security and privacy practices that help us protect and secure your business data. We understand and respect the trust you place in Ally.io to maintain your business goals and priorities. Rest assured, your security is our top priority.
Ensure that only the right people can access your company’s information in Ally.io with features such as single sign-on, multi-factor authentication and automated user provisioning via SCIM and APIs. This is in accordance with the principles of least privilege and need to know.
Data is encrypted in transit and at rest by default. We secure your data further with audit log reviews and strong key management practices.
Inclusive and transparent governance and risk-management capabilities that are flexible enough to meet your organization’s needs, no matter what they are.
Ally.io uses Heroku PaaS that runs on AWS for the hosting of staging and production environments. The data centers are monitored by 24×7 security, biometric scanning and video surveillance, and are SOC 2 (Type II) and ISO 27001 certified.
Ally.io has obtained the SOC 2 - Type 2 certification, which means our design and operating effectiveness have been evaluated by an independent firm. To receive a copy of our SOC 2 report, please reach out to us at [email protected].
Ally.io is committed to the security of its users and their information and is fully compliant with the requirements of the General Data Protection Regulation (GDPR). For more information about our GDPR policy, head over here.
We offer single sign-on (SSO) and multi-factor authentication (MFA) through SAML 2.0 that lets users authenticate without requiring them to enter additional login credentials.
All communication is secured by TLS 1.2 or higher encryption by default. We encrypt all customer data at rest using industry-standard AES256 algorithms. We also store sensitive content as hashed values to further protect your data.
We retain some customer and usage data in order to fulfill statutory and regulatory requirements, and to meet operational needs. We encrypt and store this data in a database for as long as organizations are valid customers. When customers unsubscribe, their data is completely deleted in accordance with retention policies.
We have a dedicated security team who employ best practices while handling customer data. System and audit logs are consolidated and reviewed actively on an ongoing basis.
We identify possible security vulnerabilities through penetration tests to ensure we’re constantly improving our application security. Logs are analyzed, and suspicious activities are immediately reported and handled as security incidents.
We identify and close incidents with necessary actions. We will notify you of incidents that apply to you and suitable actions that you need to take.
We may update our security policy from time to time. If you have any questions about our security guidelines, or notice any vulnerabilities that you would like to report, please contact us by email: [email protected]