Security

Data Protection Based on ISO Standards

Client data protection is of the utmost importance at Antavo. In order to meet the highest of expectations, we continuously improve our SaaS software.

Data Security at the Forefront

Data security is the cornerstone of any loyalty program, therefore Antavo has built both its technology and company culture around the principle of keeping client information safe and sound at all times. This includes the following:

  • Antavo is ISO 27001 compliant, ensuring that the data is protected through a high-level information security management system.
  • Antavo is also ISO 27017 compliant thanks to specific controls implemented to support secure cloud service delivery.
  • Employee training enabling the team to efficiently react to critical situations
  • Data backup measures

Security Management

Antavo’s policy framework was designed based on ISO 27001 and ISO 27017 standards, which serve as models for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This entails documents and measures for:

  • Risk management
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations security
  • Access control
  • Information systems acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Business continuity management
  • Compliance

Regulations Regarding Personally Identifiable Information (PII)

As a Data Processor (in GDPR terminology) of Personally Identifiable Information (PII), Antavo provides a platform that meets the security needs of even the most highly regulated markets and industries. We provide ways to support Data Controller processes and minimize any potential compliance risk.

Currently tracked regulations:

  • GDPR
  • UK Data Protection Act (UK GDPR)

How We Protect Our Clients’ Data

In order to guarantee client data safety, Antavo offers best-in-industry safety measures in both technology and policy:

Dedicated CISO and independent DPO

Antavo’s CISO is responsible for security while the independent DPO ensures that the organization processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.

Penetration tests

To ensure our technology offers flawless protection and has no critical vulnerabilities, our product undergoes an external penetration test twice a year.

API Integrity

All APIs that forward personal information are protected: the data is sent over encrypted channels and protected with API signatures to ensure that it hasn’t been changed.

Data encryption in-transit and at rest

To guarantee the safety of in-transit data, each and every API endpoint uses an encrypted connection, while the data at rest is also encrypted on Google Cloud.

Data-leak countermeasures

We implement granular data controls so that only necessary information is forwarded through APIs to minimize the risk of an accidental data leak.

GDPR compliance

Antavo’s software and conduct are fully compliant with GDPR, ensuring that customers can maintain their right to control their data.

Privacy management

Antavo’s internal privacy policy dictates strict rules for each and every employee on how to handle client data, coupled with an established chain of authority within the organization.

Business Continuity Management

As part of Antavo’s Business Continuity Management system, our extended Disaster Recovery Plan lists a playbook for every expected adverse scenario, emergency, or disaster.

Availability

With three different Service Level Agreements available to choose from, we offer the highest level of availability to our clients.

Dedicated Quality Assurance Team

Antavo has a full team dedicated to testing any and all updates to its software, so the results go live without any security flaws.