Our commitment to security and privacy
Alooma is a data in motion company helping companies across private and public sectors to drive mission-critical business processes. That’s why we’ve taken a security first approach that combines best-of-breed technology, a highly trained and experienced staff, adherence to the strictest standards in the industry and the flexibility to meet diverse customer requirements.
Alooma leverages multiple layers of defense to ensure all data is protected from unauthorized access and tampering. Alooma runs in Amazon Web Services’s highly secure data centers. The Alooma service runs inside a Virtual Private Cloud, with individual hosts protected by firewalls configured with the most stringent rules. All communication with the Alooma service is protected at the network level using industrial-strength, secure protocols. A secured architecture, internal best practices, third-party certifications and audits are all important components of our security program. We are SOC 2 Type II and HIPAA compliant.
- SOC 2 Type II SOC 2 evaluates an organization’s information systems with respect to strict security, availability, processing integrity, confidentiality and privacy standards. Alooma is SOC 2 Type II certified and audited on a continuous basis by Ernst & Young.
- HIPAA Under the U.S. Health Insurance Portability and Accountability Act, a HIPAA business associate agreement (BAA) is a contract between a HIPAA-covered entity and a HIPAA business associate (BA). The contract protects personal health information (PHI) in accordance with HIPAA guidelines. Alooma adheres to the HIPAA Business Associate’s standards. Should any HIPAA-covered entity need a Business Associate Agreement (BAA) signed, please contact firstname.lastname@example.org.
- OAuth 2.0 OAuth is an open standard for authorization, commonly used as a way to authorize applications to access information without giving them the passwords. Alooma supports OAuth 2.0 for secure application authentication (access to data sources) without revealing passwords or other credentials.
When it comes to handling the data of our customers, we make no compromises. Even though Alooma is not a storage company, all of our customers' data is always encrypted. When it comes to sensitive data, like access credentials, we even encrypt it on two different levels. Our access policies are the strictest possible, separating our various environments and the permissions allocated to each. When troubleshooting is required, and access is inevitable, we allocate temporary access credentials. Periodically, we review our audit logs and various policies, and make sure they adhere to the highest standards.
If you are experiencing any potential security issues, please report them to us at email@example.com.