Trust Center

Compliance and security are key, and in Apps we trust.

Your privacy is important to us, and so is being open about our operations and how your data is processed.
‍
Our apps process personal data in accordance with our Data Processing Addendum, which can be found here. A detailed FAQ about trust can be found here.

Compliance

In order to deliver high-quality apps, Avisi Apps maintains compliance with all AVG/GDPR and CCPA standards, are HIPPA compliant, holds a SOC 2 declaration and possess both ISO 27701:2019 and ISO 27001:2022 certifications.

All Avisi Apps employees are required to take a security introduction workshop as part of their on-boarding.

Our certificates can be requested from our service desk or via these quick links:

Architecture

Our apps are cloud-hosted multi-tenant SaaS applications that utilize cloud computing service offerings from Google Cloud Platform (GCP) and Firebase as the core building blocks. Tenants are segregated by the installation and authentication methods provided by the ecosystem's host product.

GCP manages the security and compliance of the cloud computing infrastructure, while Avisi Apps manages the security and compliance of the software and sensitive data residing within the cloud computing infrastructure.

Our apps are built using the Clojure(script) programming language and use technologies like Reitit, Pathom, and Fulcro to deliver our web applications. While there can be distinctions between our apps regarding architecture and data flow, the most common approach to delivering the web application is through a single cloud function, which in turn reaches out to Firestore and other cloud functions.

Authentication

Our apps integrate with Atlassian's and monday.com's third-party authentication mechanisms. Customers are authenticated to our applications using a JSON Web Token (JWT) provided by the host product of the ecosystem. More information on the authentication can be found on the respective ecosystem's developer pages: Atlassian and monday.com.

User sessions within our apps are valid for the duration received through the authentication process with the host product. The duration of these sessions are usually one day.

Access Control

Our apps leverage Atlassian and monday.com products' role-based access control, allowing administrators to provision and manage different levels of access. Some of our apps, like Atlas CRM, provide additional permission schemes for fine-grained access control within the application.

Avisi Apps treats all customer data as confidential, regardless of classification. Access to confidential information is restricted to employees who are required to access such information as part of their job and only in those circumstances where access to such information is required to provide a specific service to the customer or to support the delivery of the services. None of the customer data is used for development purposes.

Encryption

All data in Avisi Apps’ cloud storage are encrypted at rest. Google Cloud Platform stores and manages data cryptography keys in its redundant and globally distributed Key Management Service. So, if an intruder were ever able to access any of the physical storage devices, the data contained therein would still be impossible to decrypt without the keys, rendering the information a useless jumble of random characters.

Avisi Apps exclusively sends data over HTTPS transport layer security (TLS) encrypted connections for additional security as data transits to and from the application.

Logging

Our apps log system failures and user activity to find deviations and enable auditing of usage patterns. Some user activity logging is visible to customers directly if the app has an event log or activity stream feature implemented. Avisi Apps employees can access these logs using Google Cloud's Logs Explorer. More information on Logs Explorer can be found here: Google Cloud Logs Explorer