We take security seriously here at Alfred, and we are proud to exceed the industry standard when it comes to protecting your organization.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Our service is built on Amazon Web Services (AWS). They provide strong security measures to protect our infrastructure and are compliant with most certifications. You can read more about their practices here.
Alfred is hosted at Amazon data centers, running on Amazon Web Services technology. These data centers located in the US, provide physical security 24/7, state of the art fire suppression, redundant utilities, and biometric devices to ensure your data is safe.
We take several steps to protect your data and prevent eavesdropping between your systems and ours. All network traffic runs over SSL/HTTPS, the most common and trusted communications protocol on the Internet.
We’re relentlessly updating our systems to protect your data. We regularly replace our virtual systems with new, patched ones. We maintain system consistency using a combination of configuration management, up-to-date images, and continuous deployment.
If we see something, we react quickly. We’re always looking for potential system interruptions. If we find something out of place, we address the issue to prevent it in the future.
Only people who need access, get access. We limit production-system access to key members of the Alfred engineering team and expressly forbid passwords.
We physically separate the database instances from application servers.
If we have to part ways, we’ll make sure your data isn’t at risk. To cancel and delete your account, please contact your account manager or our Customer Success team. Canceling your account will disable all access to the Alfred Platform. Upon request, we will delete all data associated with your account.
We use a fast, globally distributed and intelligent always-on DDoS protection powered by Cloudflare, Inc.
All our user data (including passwords) is encrypted using battled-proofed encryption algorithms in the database by our database provider AWS.
We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.
All payment processing is outsourced to Stripe which is certified as a PCI Level 1 Service Provider. We don’t collect any payment information and are therefore not subject to PCI obligations.
Alfred is committed to ensuring ongoing compliance with the General Data Protection Regulation (GDPR). The GDPR extends the reach of the European Union’s data protection laws and establishes many new requirements for organizations that fall under its scope.
The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Alfred is committed to ensuring compliance with the CCPA. The CCPA is a state law that provides consumer privacy rights and protections for residents of the state of California.