Standards and certificates
We regularly work with independent experts to verify our security, privacy, and compliance controls, and have achieved certification against stringent global standards.
SOC 2 Type 2
SOC 2 Type 2 is an auditing standard that evaluates the effectiveness of Affinity’s controls and processes related to security, availability, processing integrity, confidentiality, and privacy. By maintaining a SOC 2 Type 2 attestation, Affinity assures its customers that their data is handled securely and in compliance with industry standards, fostering trust and providing peace of mind. Click here to download our public SOC 3 report.
ISO 27001 is a globally recognized standard for information security management systems, ensuring that Affinity follows best practices to protect sensitive data and mitigate risks. By achieving ISO 27001 certification, Affinity demonstrates its commitment to maintaining the highest level of security, instilling trust and confidence in its customers that their data is well-protected.
ISO 27017 & ISO 27018
ISO 27017 and ISO 27018 are specific standards that focus on cloud security and privacy respectively. By adhering to ISO 27017, Affinity demonstrates its commitment to implementing robust security controls in its cloud services, ensuring the protection of customer data. Similarly, ISO 27018 certification showcases Affinity’s dedication to safeguarding customer privacy by following strict guidelines for the handling of personally identifiable information (PII) in the cloud, enhancing customer trust and confidence in the platform
Security informs all aspects of our product and infrastructure at Affinity.
We encrypt all sensitive data both at rest and in-transit using robust, industry-leading encryption algorithms
Our production services run in an isolated Virtual Private Cloud on AWS. Only network protocols essential for making our service work are open at the network's perimeter.
Access to internal systems requires multiple authentication factors, including VPN access and device-based authentication tokens.
In addition to our ongoing bug bounty program, we conduct rigorous annual penetration tests with world-class independent security consulting firms.
Uptime and durability
We save daily encrypted backups for 30 days to ensure your data is safe and secure, and store them redundantly across multiple availability zones. We use third-party monitoring services to track Affinity's availability and have engineers on-call to rapidly investigate and address any outages.
Any access to customer data in cases when customers need our assistance is exhaustively logged and regularly audited. No data is accessed unless we cannot provide support to our customers without doing so.
Vulnerability disclosure and reward program
We take all precautions necessary to ensure your privacy is respected and your information is secure. Affinity is compliant with SOC 2, ISO27001 and GDPR.Learn More
Learn more about our security measures by visiting our Trust Center