Security and compliance

Overview

Avion takes security and data privacy very seriously. Keeping our customers' data protected at all times is our highest priority. This security policy provides a high-level overview of the security practices that we follow.

If you have any feedback or questions, please feel free to email us at support@avion.io.

Data Privacy

Avion is fully compliant with the General Data Protection Regulation (GDPR). We follow the regulations outlined in the GDPR in order to protect the privacy of all our users and to give them control over their personal data.

We will never send marketing material to anyone without explicit consent from them first.

Infrastructure

All of our services run in the cloud and we rely on Amazon Web Services (AWS) for our application infrastructure. This ensures that our infrastructure is fully compliant with the majority of security certifications. You can read about Amazon's security practices here.

We also use strong network security such as VPNs and IP restriction throughout our infrastructure.

Secure Development Practices

Our development team follows a set of industry best practices with regard to secure development. Below are some of the security practices we follow:

Encryption

All data in transit between client and server is encrypted using TLS (SSL), and HTTP Strict Transport Security (HSTS) with a long duration is deployed on any app server. In addition to this, all data is encrypted at rest. All passwords are hashed and salted.

You can view our SSL report here

Application Security

We make use of various industry best practices with regard to application and network-level security. Our technical architecture has been designed with security in mind, and we protect and monitor our network for unauthorised access using the following:

User Protection

Backups and Disaster Recovery

We keep point-in-time backups over the last 24 hours and daily, weekly and monthly database snapshots for up to one year.

Employee access

Employees are not granted access to customer data unless it is required for customer support. Employees sign a non-disclosure agreement (NDA) to protect our customers' sensitive information.