Standards and certificates

We regularly work with independent experts to verify our security, privacy, and compliance controls, and have achieved certification against stringent global standards.


We work with an independent auditor to maintain a SOC 2 Type II report, which certifies our controls to ensure security, availability, and confidentiality. In addition to our SOC 2 report, we maintain a SOC 3 report for general use and distribution. Click here to download.


Our Privacy Policy and Data Processing Agreement (DPA) reflect the requirements of the GDPR. We’ve worked with TrustArc, the leader in privacy compliance and data protection, to ensure compliance with all aspects of the GDPR.

State-of-the-art security

Security informs all aspects of our product and infrastructure at Affinity.


We encrypt all sensitive data both at rest and in-transit using robust, industry-leading encryption algorithms.

Network security

Our production services run in an isolated Virtual Private Cloud on AWS. Only network protocols essential for making our service work are open at the network's perimeter.

Access controls

Access to internal systems requires multiple authentication factors, including VPN access and device-based authentication tokens.

Independent testing

In addition to our ongoing bug bounty program, we conduct rigorous annual penetration tests with world-class independent security consulting firms.

Uptime and durability

We save daily encrypted backups for 30 days to ensure your data is safe and secure, and store them redundantly across multiple availability zones. We use third-party monitoring services to track Affinity's availability and have engineers on-call to rapidly investigate and address any outages.

Audit logs

Any access to customer data in cases when customers need our assistance is exhaustively logged and regularly audited. No data is accessed unless we cannot provide support to our customers without doing so.

Vulnerability disclosure and reward program

If you believe you’ve discovered a bug in Affinity’s security, please get in touch at Our security team promptly investigates all reported issues.