Our customers rely on Aternity data to make critical business decisions. That’s why we continually strive to protect the integrity of your data and ensure that our SaaS exceeds your expectations.
Our privacy controls are examined at least once a year by a qualified and independent third-party auditor as part of our SOC 2 Type 2 audit. Our SOC 2 has been in place for five years.
Get More InfoAternity currently complies with applicable data protection regulations and GDPR compliance across its relevant services.
Learn MoreAn independent third-party accounting firm has certified that Aternity's control environment satisfies the requirements of the HIPAA Security Rules, and conducts ongoing regulatory compliance audits.
Learn MoreWe employ a wide range of the latest in security features and safeguards native to our software and part of the operational and technical security fabric used to maintain visibility and control of our SaaS environment.
The security function leverages an array of layered operational and architectural controls designed to further secure our customer environments.
Our security operations team acts quickly to remediate security issues when they are detected.
Our design approach embeds security and privacy into software development processes, from threat modeling to secure design reviews.
We use a variety of automated and manual methods to regularly inspect our code and monitor our infrastructure to identify and remediate vulnerabilities.
A dedicated team regularly reviews our SaaS service components for security capabilities, and ensures we have the correct people, processes, and technical controls to protect customer data.
Aternity console access is protected via your own SSO/SAML 2.0 identity provider of choice, with two factor authentication, if enabled.
Aternity’s data collection agent is digitally signed to prevent tempering and include several anti-hack security measures, including ASLR, DEP, and SEH.
Aternity allows you to define IP filtering to limit access only to approved offices or networks.
Flexible configuration options to protect the privacy of collected user data. You can exclude certain application data, encrypt PII fields, and set permissions for who can view PII. All data is encrypted in transit and at rest.
Our privacy policy reflects our commitment to protecting personal data. It provides details on the type of personal information we collect, how we store it, how we use it, and what rights individuals have and how to exercise them.
The GDPR reinforces existing data protection principles in the European Union (EU) and expands legal protections and privacy rights for EU citizens. See how Aternity supports our customers GDPR compliance
This document provides information about the data transfer mechanisms used by Aternity to transfer personal data out of the EU in light of the July 16, 2020 decision of the European Court of Justice (“ECJ”).
We perform due diligence reviews to assess the privacy and security practices of our sub processors, who are required to enter into appropriate security, confidentiality and privacy contract terms based on the risks presented by the assessment, including data processing terms as required by applicable law.
In addition to performance measurements like wait times, response times, or resource consumption, Aternity also collects descriptive attributes, which add context to the performance measurements to
help troubleshoot problems, e.g., device name, user name, location name, application name.
Aternity undergoes rigorous audits by third-party services—our protocols are transparent, documented, and verified, including SOC2, HIPAA, and GDPR.
Aternity’s privacy controls are examined at least once a year by a qualified and independent third-party auditor as part of our SOC 2 Type 2 audit. Our SOC 2 has been in place for five years and covers security, availability, confidentiality, and privacy.
Aternity's control environment is examined at least once a year by a qualified and independent third-party auditor who has found that Aternity satisfies the requirements of the Health Information Insurance Portability and Accountability Act (HIPAA) Security Rules.
We engage an independent third-party auditor to conduct penetration tests of Aternity SaaS and its APIs at least once a year.
Aternity has documented and published our security controls in the Cloud Security Alliance (CSA) Consensus Initiative Assessment Questionnaire (CAIQ). This documents our commitment to the key principles of cloud security – transparency, rigorous auditing, and adherence to standards with continuous monitoring.
Aternity SaaS is designed using industry best practices to deliver secure, highly available solutions, 24x7, around the world.
Aternity’s SLA covers our service commitments, credits, and associated processes.
We implement multiple layers of redundancy to ensure that the SaaS environment is available 24x7.
Our built-in processes and workflows back up data for fast recovery times in the unlikely event of a local outage. We maintain comprehensive Disaster Recovery sites in different availability zones for each data center in North America, Europe, and Asia. We test our Disaster Recovery procedures monthly for each environment.
Aternity has maintained monthly availability of over 99.95% for the last 5 years of SaaS operation.
The confidential information of Aternity LLC (“Aternity”) available at www.aternity.com/trust-center (“Aternity Confidential Information”) is subject to the terms of the applicable agreement between you and Aternity. If you are not a party to an agreement with confidentiality provisions applicable to the Aternity Confidential Information, the terms set forth in the following paragraph are the confidentiality provisions applicable to your access to, and use of, the Aternity Confidential Information.
These terms constitute a legally binding agreement between you and Aternity. Please read them carefully. By accessing or viewing the Aternity Confidential Information, you agree to these terms on your behalf or on behalf of the entity with which you are employed, affiliated or associated. You represent that you have the authority to bind the entity to these terms. If you do not have such authority or are not willing to be bound by these terms, do not view or access the Aternity Confidential Information. By accessing or viewing the Aternity Confidential Information you acknowledge and agree that these files are the confidential information and trade secrets of Aternity. You will use the same degree of care that you use to protect the confidentiality and trade secret status of the Aternity Confidential Information as you do to protect your own confidential information of like kind (but not less than reasonable care) and you will not use the Aternity Confidential Information for any purpose other than to use Aternity’s products and services or evaluate the purchase of Aternity’s products and services. Except as otherwise authorized by Aternity in writing, you will to limit access to the Aternity Confidential Information to those who need that access for these purposes and who have executed confidentiality agreements with you containing protections no less stringent than those in these terms. You will not disclose Aternity Confidential Information to any third party other than your affiliates or your respective directors, officers, employees, agents and advisors (including, but not limited to, attorneys, accountants and third party consultants) (collectively, “Representatives”) without Aternity’s prior written consent and you will remain responsible for your affiliate’s and Representative’s compliance with this paragraph. You may make disclosures required by law or court order provided you use diligent reasonable efforts to limit disclosure and to obtain confidential treatment or a protective order and have allowed Aternity to participate in the proceeding. These terms do not apply to any information that: (i) is or becomes generally known to the public without breach of any obligation owed to Aternity, (ii) was known to you prior to its disclosure by Aternity without breach of any obligation owed to Aternity, (iii) is rightfully disclosed to you by a third party without restriction, or (iv) was independently developed by you. You agree that any Aternity Confidential Information is provided “as is” without any warranties and shall not be relied upon for purchase of product or services.