Data security and privacy

SERVERS COMPLIANCE

Avokaado operates on highly secured Linode servers located in Frankfurt, Germany. Linode servers are located within Equinix infrastructure, which has the strictest industry-specific standards and certifications, including:

  • SSAE 16/SOC 1 and SOC 2
  • ISO 27001, ISO 9001, ISO 22301, ISO 14001, ISO 50001, ISO 18001
  • PCI DSS Level 1
  • HIPAA, Cloud Security Alliance
  • HDA/HADS, SS 564
  • FedRAMP, TSI, NIST 800-53/FISMA

HARDWARE AND INFRASTRUCTURE SECURITY

These data centers include state-of-the-art physical and environmental access controls in a highly secure environment (certified to ISO 27001) and safety features including:

  • 24/7 professional security staff, video surveillance, and intrusion detection systems
  • Fire detection and suppression, redundant electrical power systems, and uninterruptible power supply (UPS)
  • Monitoring of electrical, mechanical, and life support systems and equipment

DOCUMENT SECURITY

All connections to Avokaado use TLS 1.2 transport layer security, where all data is encrypted with SHA-2 (SHA-256withRSA) encryption and passwords are encrypted with SHA-512 encryption. In addition to anti-tampering controls, an audit trail records every single transaction and document signing with IP addresses and user information.

RELIABILITY AND BACKUPS

In order to provide a highly reliable service, Avokaado can use geo-dispersed servers; we can adjust their capabilities in real-time depending on the current load. Regular automated backups prevent any data loss.

SECURITY AUDITS

Avokaado has received an OWASP ASVS 2.0 security audit from an independent security company that conducts security audits as well as static and dynamic analysis scans. Internally, security audits are regularly performed by a security team under the supervision of the Board of the company. Each IT employee receives regular security training, and all updates and new features are reviewed for security, as security testing is integrated into the application development lifecycle. All access to the server is limited to senior security team members from whitelisted locations.

ADVANCED CUSTOM SECURITY OPTIONS

Avokaado’s security policies and features are designed to keep documents and transactions 100% secure. Should you need additional security customizations to match your company’s policies, Avokaado offers additional options, including:

  • Complex Password – requires all users to have a complex password (containing uppercase letters as well as numbers) which must be changed every 6 months
  • Authentication with only ID-card or Mobile-ID

For maximum security, only ID-card or Mobile-ID is accepted to sign documents.

CREDIT CARD

Avokaado does not store any credit card information on its servers. Payments are processed by a PCI Data Security Standard (PCI DSS) Level 1 provider. All subscriptions are processed by Braintree, a PayPal service. PCI Data Security Standard (PCI DSS) ensures that companies that process, store or transmit credit card information maintain a secure environment. See PCI SSC Data Security Standards Overview for more information.