Enterprise-Grade Security and Trust

Avonni’s mission is to help business users build scalable applications on Salesforce without ever needing to code. Core to that mission is keeping your ideas, data and projects confidential and secure. We take that responsibility seriously for our users, ranging from startups to Fortune 100 companies. Here you’ll find more information on how we approach security.

Infrastructure

Avonni's app uses industry-leading cloud infrastructure services, including Heroku, Google and Amazon Web Services (AWS). The physical facilities, network, hardware and operational software of those third-party providers maintain several industry-recognized certifications, including ISO 27001 compliance, PCI certification and SOC. For more information about their certification and compliance, please visit the Google Cloud Platform, Heroku and Amazon AWS security sites.

Encryption

All data is transported securely with HTTPS, as all traffic is encrypted in transit via SSL. Encrypting data in transit protects it from unauthorised snooping, modification, and man-in-the-middle attacks. We use AES 256 cipher encryption for sensitive data, utilising both the ECDSA and RSA algorithms. Our servers only support the highest level of encryption, 256-bit cipher suites with TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.

Authentication

User authentication

Avonni's app relies on Auth0, an authentication and authorization management platform. Auth0 acts as the user authentication platform and uses the OAuth protocol for Google or Salesforce authentication. We never have access to your Google or Salesforce password. Auth0 is compliant and certified under SOC 2 Type II and HIPAA BAA.

Salesforce authentication
- The section below applies only to Avonni Builder -

To access the Salesforce API for synchronization, our backend servers request a short-lived access token from a restricted delegation endpoint. Access tokens are not stored at rest. Each delegation attempt is audit-logged and can be reviewed by us in our Auth0 backend, and by the customer in their Salesforce Org.

Confidentiality

We don’t rent, sell, trade or disclose your Personal Information to third parties without your consent. Access to customer data by Avonni employees is limited based on the need to access such data (e.g. to resolve a customer support ticket). When requested, we will destroy a user’s account, removing all customer data associated with that account.

Compliance

Avonni's app uses ISO 27001, PCI DSS Level 1, HIPAA, and SOC 1, 2, and 3 compliant data centres, according to security best practices. We ensure compliance with industry standards and business requirements.