We raised $50M to transform the way businesses operate | Learn more →

Trust & Security

Your data belongs only to you. Our top priority is keeping it safe.

Our commitment towards security

At Ally.io, we believe that security is at the heart of any best-in-class solution, which is why we back ourselves with robust security and privacy practices that help us protect and secure your business data. We understand and respect the trust you place in Ally.io to maintain your business goals and priorities, rest assured, your security is our top priority.

Transparency, trust and control

Identity and access management

Ensure that only the right people can access your company’s information in Ally.io with features such as single sign-on, multi-factor authentication and automated user provisioning via SCIM and APIs. This is in accordance with the least privilege and the need to know principles.

Data protection

Data is encrypted in transit and at rest by default. We secure your data further with audit logs reviews and strong key management practices.

Information governance
& compliance

Inclusive and transparent governance and risk-management capabilities that are flexible enough to meet your organization’s needs, no matter what they are.

Reliable network infrastructure

Ally.io uses Heroku PaaS that runs on AWS for the hosting of staging and production environments. The data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 2 ( Type II) and ISO27001 certified.

Industry certified compliance

SOC 2 Type 2

Ally.io has obtained the SOC 2 - Type 2 certification, this means our design and operating effectiveness has been evaluated by an independent firm. To receive a copy of our SOC 2 report, please reach out to us at security@ally.io.

GDPR

Ally.io is committed to the security of its users and their information and is fully compliant with the requirements of the General Data Protection Regulation (GDPR). For more information about our GDPR policy head over here.

Best-in-class application security

Identity and access controls

We offer single sign-on (SSO) and multi-factor authentication (MFA) through SAML 2.0 that lets users authenticate without requiring them to enter additional login credentials. 

Data encryption

All communication is secured by TLS 1.2 or higher encryption, by default. We encrypt all the customer data at rest using industry standard AES256 algorithms. We also store sensitive content as hashed values to further protect your data.

Data retention and disposal

We retain some customer and usage data in order to fulfill statutory and regulatory requirements, and to meet operational needs. We encrypt and store this data in a database for as long as organizations are valid customers. When customers unsubscribe, their data is completely deleted in accordance with retention policies.  

Security at every layer at Ally.io

Dedicated security team

We have a dedicated security team who employ best practices while handling customer data. System and audit logs are consolidated and reviewed actively on an ongoing basis.

Effective vulnerability management

We identify possible security vulnerabilities through penetration tests to ensure we’re constantly improving our application security. Logs are analyzed and suspected activities are immediately reported and handled as security incidents.

Incident management
& response

We identify and close incidents with necessary actions. We will notify you of incidents that apply to you and suitable actions that you need to take.

Data security is our top priority

We may update our security policy from time to time. If you have any questions about our security guidelines, or notice any vulnerabilities that you would like to report, please contact us by email: security@ally.io

Try Ally.io for free today

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Free 14-day trial
Easy setup
Invite your whole team