Security is in our DNA. We are committed to keeping our customers' data secure by adhering to the strictest security measures available on the market, so you can be sure that your data is kept safe with us at all times.
airfocus is ISO 27001 certified
We have a comprehensive Information Security Management System in place that is ISO/IEC 27001:2013 certified. the world's leading standard for information security management. Our physical infrastructure is hosted on highly secure data centers that are ISO 27001 and SOC 2 Type II certified.
Data storage and encryption at rest
We encrypt data at rest using an industry-standard AES encryption algorithm. All user passwords are hashed with a PBKDF2-based robust hashing algorithm and individual salts per password.
Data encryption in transit
All communication between airfocus servers and the client browser is secured using the industry standard Transport Layer Security (TLS). Only the most relevant and secure level of TLS is accepted by airfocus (currently 1.2). We have an A+ rating in the SSL Labs security report. See this SSL report for more information.
Product security & SAML/SSO
airfocus offers a robust set of in-product data protection and admin controls (admin, editor, contributor, and viewers, as well as workspace permissions). Enterprise admins can securely deploy airfocus to their organizations with Single Sign-On (SSO).
Credit card & payment security
We do not store any credit card information or related personal information on our servers or process payments. All payments are processed through our partner Stripe.
Annual penetration tests
Our infrastructure, web applications, and APIs are penetration tested and certified annually by external independent parties.
Do you have dedicated Single Sign-On integrations?
Yes. We have dedicated Single Sign-On integrations available for Microsoft Azure DevOps, Google Cloud, and Okta. Alternatively, you can set up customer SAML SSO with any Identity Provider (IDP) of your choosing.
How do we handle payments?
We use Stripe to handle payments. Stripe is a leading global payments system provider and enforces stringent PCI DSS (Payment Card Industry) compliance criteria to ensure that any data stored and/or processed on its servers is handled in a secure way. Details about their security can be found here.
Reliability & availability
We offer full transparency into system status and performance.
airfocus offers 24/7 priority support and up to 99.9% uptime commitment to Enterprise customers. Real-time and historical platform available is provided transparently here.
airfocus' infrastructure maintains business continuity and ensures to provide daily backups in separate data centers and disaster recovery plans for restoring services in the event of unavoidable failures.
Privacy & data protection
We have a comprehensive privacy compliance program that aligns our practices with regulations such as the General Data Protection Regulation.