Security Overview

DATA CENTER & NETWORK SECURITY
Download our Security and Compliance Overview (PDF) here.

Alive5 is hosted within AWS. Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers - including the fastest-growing startups, largest enterprises, and leading government agencies - are using AWS to lower costs, become more agile, and innovate faster. Alive5 has established compliance with SOC2 Type II, GDPR, CCPA, and PCI-DSS. Additional details and related documentation can be furnished upon request by emailing us at compliance@alive5.com.

Our Datacenter
We're hosted within Amazon Web Service (AWS) data center. Our servers are in a virtual private cloud (VPC) protected by network access control lists (ACLs) to prevent unauthorized access.

Data in Transit
All Alive5 connections are hosted over HTTPS. HTTPS stands for HTTP over SSL/TLS, a secure form of HTTP that is supported by all major browsers and servers. All HTTP requests and responses are encrypted before being sent across a network. HTTPS combines the HTTP protocol with symmetric, asymmetric, and X.509 certificate-based cryptographic techniques. HTTPS works by inserting a cryptographic security layer below the HTTP application layer and above the TCP transport layer in the Open Systems Interconnection (OSI) model. The security layer uses the Secure Sockets Layer (SSL) protocol or the Transport Layer Security (TLS) protocol.

Encryption & Data Storage
All user data stored in Alive5 is fully encrypted at rest. Encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in our datacenter.. This functionality helps reduce the operational burden and complexity involved in protecting sensitive data. With encryption at rest, you can build security-sensitive applications that meet strict encryption compliance and regulatory requirements.

Encryption at Rest
We encrypt data using industry-standard AES-256 algorithms, which ensure that only authorized roles and services can access sensitive data with access to the encryption keys audited by AWS services.

Encryption in Transit
Traffic is encrypted in transit using Transport Layer Security 1.2 (TLS) with an industry-standard AES-256 cipher. We are also PCI-DSS compliant with our AlivePay tool.

SAML Single Sign On (SSO)
Through SSO, you can authenticate users in your own systems without requiring them to enter additional login credentials..

COMPLIANCE

SOC2 TYPE II
Alive5 is SOC2 Type 2 compliant. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. Alive5 has undergone SOC2 audits from external 3rd party security firms to achieve compliance. An annual report can be furnished upon request with a signed NDA. Please email us at compliance@alive5.com to start the process.

PCI DSS
All payment and PCI data requests go through our partner, PCI Booking. To receive a copy of the latest Attestation of Compliance (AOC) please email us at compliance@alive5.com.

CONTACT

For additional information or documentation, please feel free to contact us:

Alive Technologies, Inc.

ATTN: Compliance Department

2100 West Loop South, Suite 900

Houston, Texas 77027

Email: compliance@alive5.com