Avion takes security and data privacy very seriously. Keeping our customers’ data protected at all times is our highest priority. This security policy provides a high-level overview of the security practices that we follow.
If you have any feedback or questions, please feel free to email us at email@example.com
Avion is fully compliant with the General Data Protection Regulation (GDPR). We follow the regulations outlined in the GDPR in order to protect the privacy of all our users and also give control over their personal data.
We will never send marketing material to anyone without explicit consent from them first.
All of our services run in the cloud and we rely on Amazon Web Services (AWS) for our application infrastructure. This ensures that our infrastructure is fully compliant with the majority of security certifications. You can read about Amazon’s security practices here.
We also use strong network security such as VPNs and IP restriction throughout our infrastructure.
Our development team follow a set of industry best practices with regards to secure development. Below are some of the security practices we follow:
All data is encrypted between client and server communications using TLS (SSL) and we also have HTTP Strict Transport Security (HSTS) with long duration deployed on any app server. In addition to this, all data is encrypted at rest. All passwords are hashed and salted.
We make use of various industry best practices with regards to application and network-level security. Our technical architecture has been designed with security in mind, and we protect and monitor our network for unauthorised access using the following:
We keep point in time backups over the last 24 hours and daily, weekly and monthly database snapshots up to one year.
Employees are not granted access to customer data unless it is required for customer support. Employees sign a non-disclosure agreement (NDA) to protect our customers’ sensitive information.