It’s your data, not ours—and we work hard to keep it secure

Here are the policies, procedures and technologies we use to comply with and exceed industry standard requirements

Data Hosting

Security and compliance programs

Data Hosting

Data Protection

Amazon Web Services

Acivilate's physical infrastructure is hosted and managed within Amazon’s GovCloud secure data centers. Acivilate leverages all of the platform’s built-in security, privacy and redundancy. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).

Encryption Data that passes through Acivilate is encrypted, both in transit and at rest. All connections from the browser to the Acivilate platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Acivilate requires HTTPS for all services.

Security and compliance programs


Background checks All Acivilate employees go through a thorough background check before hire.
Training While we limit internal access on a need to know basis, all employees are trained on security and data handling to ensure that they uphold our strict commitment to the privacy and security of your data.
Confidentiality All employees sign a confidentiality agreement before they start at Acivilate.

Reliability and redundancy

Business continuity and disaster recovery We have business continuity and disaster recovery plans in place that replicate our database in multiple availability zones and provide for automatic failover.

Software development lifecycle

Routine audits Acivilate continuously scans the product for service interruptions, performance degradation and security vulnerabilities to immediately alert our engineers and take action when an incident has been detected.
New releases New releases to the Acivilate platform are thoroughly reviewed and tested to ensure high availability and a great customer experience.
Quality assurance testing Once a changeset is completed, it is manually peer reviewed by one or more members of the engineering team. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, regression test and further evaluate the user experience.
Continual monitoring After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.

Vulnerability control

Malicious software prevention Our employees’ equipment is defended by anti-malware software.
Vulnerability scanning We continuously monitor for new vulnerabilities with automatic scanning of our code repositories.

We’re always improving and always available

If you think you may have found a security vulnerability, have suggestions that will help to protect privacy or have questions for our team, please contact us at