Security & Safety Guide

Last updated 31 July 2023

Privacy

We maintain a comprehensive privacy program.

User Account Security

Limited access to authorized users helps keep data secure.

  • Password-protected client access with username/password authentication per user
  • Users are associated with specific projects
  • Clients can set up various authentication levels for end-user content access
  • All authentication requests are sent over HTTPS

Hosting Environment

Our software was built from the ground up and runs on cloud-compute clusters from a leading global server vendor.

  • PCI compliant
  • ISO 27001, 27017, 27018 & 27701 certified
  • SOC 1, 2, 3 certified
  • 24×7 full proximity digital video surveillance & full perimeter CCTV
  • Restricted biometric access with proximity keycard control, forming a rigid two-factor authentication process
  • 24×7 NOC support
  • 24×7 on-site security detail

Reliability

Reliable uptime for a smooth experience.

  • 99.9% uptime 
  • Additional internal tools are used to further monitor availability and performance
  • Automatic backup system

Payments 

Client payments are processed via certified payment providers.

  • PCI-DSS Level 1 Service Providers
  • All card numbers are encrypted at rest with AES-256

Web and Mobile Application Development

Our developers conduct regular security reviews.

  • All systems are scanned regularly for common security vulnerabilities
  • No credit card information is permitted to be stored on any mobile device
  • All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team

App Distribution

Native apps are distributed through the official app distributors.

  • Apple App Store
  • Google Play Store (plus via direct apk download link from the client website)
  • Additional web application for mobile and desktop access via SSL connections

Incident Response

We understand that no computer system is perfectly secure.

  • In the event of a breach of an ATIV information system, we have a detailed Incident Response Plan in place
  • If you find a vulnerability, please report it to us at support-at-ativsoftware-dot-com