Information security is one of Avnovo’s top priorities. Avnovo is committed to treating the information of employees, customers, stakeholders, and other interested parties with the utmost care and confidentiality. At a high level, this document describes Avnovo’s approach to information security and data protection.
Table of Contents
Online payments security
Avnovo is PCI-DSS certified. The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. The certification confirms that we:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
For more information on PCI DSS, please visit pcisecuritystandards.org
What do we do with our customer’s data?
As part of Avnovo operations, obtaining and processing information is needed. This information includes any offline or online data that makes a person identifiable (PII), such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, credit card numbers, financial data, phone numbers, etc.
Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, we make sure it is not misused.
Data we protect will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
Data we protect will not be:
- Communicated informally
- Stored for more than a specified amount of time
- Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
Who owns the data?
Avnovo’s customers are owners of their data. Therefore, customers can download contact lists, reports, and other important records at any time in CSV or PDF format.
In addition to ways of handling the data, Avnovo has direct obligations towards people to whom the data belongs. Specifically, we will:
- Let people know which of their data is collected
- Inform people about how we’ll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted, or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
Processes and procedures used to ensure security
Avnovo follows best practices while designing its cloud based infrastructure and security processes and procedures.
- All users are trained and required to follow internal security policies, including keeping their endpoint devices up to date with security patches and latest antivirus updates.
- Our infrastructure is protected by VPN access, firewalls, malware protection tools, etc.
- Our infrastructure is updated and patched regularly.
- Our infrastructure is monitored 24/7/365.
- Our critical servers are backed up periodically.
- Connection to internal environment requires Multi-factor authentication.
- A subset of internal users has access to a database where customer data is stored.
- Customers can only access their portion of data using web or mobile interface.
- Database is stored on an encrypted volume.
- Customer data is kept in the internal database hosted in our environment.
- Customer data is being kept for a specific period of time or until customer stops using Avnovo’s service.
- Procedure for reporting privacy breaches or data misuse have been established.