Security

Data Protection Based on ISO Standards

Client data protection is of the utmost importance at Antavo. In order to meet the highest of expectations, we continuously improve our SaaS software.

Data Safety at the Forefront

Data security is the cornerstone of any loyalty program, so Antavo has built both its technology and company culture around the principle of keeping client information safe and sound at all times. This includes the following:

  • Antavo is ISO 27001 compliant, ensuring that the data is protected through a high-level information security management system. See the certificate
  • Antavo is also ISO 27017 compliant thanks to specific implemented controls that aid secure cloud service delivery. See the certificate
  • An extended catalog of security policies, including a risk management and disaster recovery plan
  • Employee training enabling the team to efficiently react to crisis situations
  • Data backup measures

Security Management

Antavo’s policy framework was designed based on ISO 27001 and ISO 27017 certifications, which serve as models for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This entails documents and measures for:

  • Risk management
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development, and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

Compliance with Personally Identifiable Information (PII) Laws

As a Data Processor (based on GDPR terminology) of Personally Identifiable Information (PII), Antavo provides a platform that meets the needs of even the highest regulated markets and industries in terms of security. We provide ways to support Data Controller processes and minimize any potential compliance risk. We constantly monitor upcoming regulations globally and make sure to provide compliant solutions ahead of time.

Currently tracked regulations:

  • GDPR
  • CCPA for California and other state-specific versions
  • EU sub-regulations (France & Belgium unique extensions)
  • LATAM localizations
  • APAC localizations
  • Planned regulations for China
  • APPI for Japan

How We Protect Our Clients’ Data

In order to guarantee client data safety, Antavo offers best-in-industry safety measures both technology and policy-wise:

Dedicated CISO and independent DPO

Antavo’s CISO is responsible for security, and the independent DPO keeps the SaaS software up to date with the latest security and privacy standards.

Penetration tests

To ensure our technology offers flawless protection and has no critical issues, our product undergoes an external penetration test twice a year.

API Confidentiality

All APIs that forward personal information are protected: the data is sent over encrypted channels, and API signatures are used to ensure that it hasn’t been changed.

In-transit data encryption

In order to guarantee the safety of in-transit data, each and every API endpoint uses an encrypted connection secured by industry-standard TLS encryption.

Data-leak countermeasures

We implement granular data controls so that only necessary information is forwarded through APIs to minimize the risk of an accidental data leak.

GDPR compliance

Antavo’s software and conduct are fully compliant with GDPR, ensuring that customers can maintain their right to control their data and enjoy privacy as required.

Privacy management

Antavo’s internal policy dictates strict rules for each and every employee on how to handle client data, coupled with an established chain of authority within the organization.

Business Continuity Management

As part of Antavo’s Business Continuity Management system, our extended Disaster Recovery Plan includes a playbook for every foreseeable adverse scenario, emergency, or disaster.

Availability

With three different Service Level Agreements available to choose from, we offer the highest level of availability to our clients.

Dedicated Quality Assurance Team

Antavo has a full team dedicated to testing any and all updates to its software, so the results go live without any security flaws.

Recognition

Antavo's listing in Gartner.
Antavo's inclusion in Forrester.