Security at Alloy

Security and correctness of customer data are paramount to us at Alloy. We have embedded both correctness and data security not only in Alloy's software development lifecycle processes, but also in company-wide processes. The goal of our security processes is to prevent data leakage and loss, maintain a highly available platform, and serve data at the highest possible quality.

Security Program Highlights

  • Network Security

    Alloy follows industry best practices for its network security. Network traffic is only allowed based on a need-to-know principle. All traffic goes through HTTPS and is encrypted. Alloy has an A rating from Security Headers. Firewalls and intrusion detection systems are in place at the Google level as well as within the infrastructure managed by Alloy.

  • Application Security

    Alloy regularly engages third-party security researchers to conduct penetration tests using a grey-box, risk-based and time-framed approach in accordance with the OWASP Application Security Verification Standard (ASVS). Single Sign-On is supported via SAML, allowing customers to enforce their corporate security best practices.

  • Data Security & Privacy

    Alloy encrypts data at rest and in transit for all of our customers. Alloy stores all customer data in Google Cloud Platform, where data is encrypted at rest by default. All data in transit and all requests to Alloy services are encrypted with TLS 1.2. HTTPS is enforced via the Strict-Transport-Security header and by directing all traffic to TLS-secured endpoints. Alloy has an A+ rating from SSL Labs. Alloy is GDPR compliant and only engages data sub-processors who are also GDPR compliant.

Security Certifications & Compliance



Alloy maintains a SOC2 Type II for Security


Alloy prioritizes data protection, control and compliance with GDPR


Alloy prioritizes data protection, control and compliance with CCPA

Resources

Looking to report a security concern?

Contact Security