🔏Security & compliance

Compliance

Alvin is SOC2, Type2 certified. As part of this process we also undergo yearly penetration testing and remediation to ensure that our systems are secure. Employees also undergo strict security training. This is to ensure that awareness of security and everyone’s responsibility to keep Alvin’s systems and customers safe is top of mind, as not just a technical exercise but as behaviour and culture.

Network and hosting

Alvin services is running on GCP infrastructure, taking advantage of the extensive security and scalability that Google has to offer. All of Alvin services runs inside VPC network, not exposed to the real world, except for the necessary customer facing parts of the product. SSL certificates are automatically provisioned by GCP.

Authentication

Similar to using GCP for infrastructure, we also don’t believe we can do authentication better than companies or services that has this as their sole focus so we rely on Firebase and WorkOS to offer authentication via Oauth and SSO.

Data access

Alvin operates strictly on metadata only access. Alvin uses, as far as possible, minimal access scope on all integrations. This means that, for a data warehouse, it’s set up so that trying to access anything beyond metadata would fail.