Trust Alooma

Our commitment to security and privacy

Alooma is a data in motion company helping companies across private and public sectors to drive mission-critical business processes. That’s why we’ve taken a security first approach that combines best-of-breed technology, a highly trained and experienced staff, adherence to the strictest standards in the industry and the flexibility to meet diverse customer requirements.


Alooma leverages multiple layers of defense to ensure all data is protected from unauthorized access and tampering. Alooma runs in Amazon Web Services’s highly secure data centers. The Alooma service runs inside a Virtual Private Cloud, with individual hosts protected by firewalls configured with the most stringent rules. All communication with the Alooma service is protected at the network level using industrial-strength, secure protocols. A secured architecture, internal best practices, third-party certifications and audits are all important components of our security program. We are SOC 2 Type II and HIPAA compliant.

  • SOC 2 Type II SOC 2 evaluates an organization’s information systems with respect to strict security, availability, processing integrity, confidentiality and privacy standards. Alooma is SOC 2 Type II certified and audited on a continuous basis by Ernst & Young.
  • HIPAA Under the U.S. Health Insurance Portability and Accountability Act, a HIPAA business associate agreement (BAA) is a contract between a HIPAA-covered entity and a HIPAA business associate (BA). The contract protects personal health information (PHI) in accordance with HIPAA guidelines. Alooma adheres to the HIPAA Business Associate’s standards. Should any HIPAA-covered entity need a Business Associate Agreement (BAA) signed, please contact
  • GDPR General Data Protection Regulation affects every business in the data community that has a presence in the EU or processes the personal data of European residents. Alooma is in full compliance with the European data privacy laws that are in effect today, including GDPR.
  • OAuth 2.0 OAuth is an open standard for authorization, commonly used as a way to authorize applications to access information without giving them the passwords. Alooma supports OAuth 2.0 for secure application authentication (access to data sources) without revealing passwords or other credentials.

See this article for more information about Security at Alooma.


When it comes to handling the data of our customers, we make no compromises. Even though Alooma is not a storage company, all of our customers' data is always encrypted. When it comes to sensitive data, like access credentials, we even encrypt it on two different levels. Our access policies are the strictest possible, separating our various environments and the permissions allocated to each. When troubleshooting is required, and access is inevitable, we allocate temporary access credentials. Periodically, we review our audit logs and various policies, and make sure they adhere to the highest standards.

We also comply with the EU-US Privacy Shield Framework (formerly US-EU Safe Harbor) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the European Union member countries. Read more about our Privacy Policy.

If you are experiencing any potential security issues, please report them to us at