AWR Cloud is fully committed to the security of your private data, in compliance with GDPR.

Data security

Encrypted login via HTTPS 

To prevent unauthorized access and ensure data privacy, account authentication is realized via username and password for both the main owner login and subsidiary team accounts. All page sections within the account are served through a HTTPS protocol. 

User account handling permissions

We enable different permission levels within the app to be set for your teammates. Besides the account main owner login, there are 3 kinds of inferior access users who can join the same core AWR account: admins, team members and customers

Secure access via whitelabel as well

The AWR account and data reports can be accessed via a custom subdomain, defined at user end, with SSL encryption activated. The AWR account data can be entirely masked under a custom host which is accessed externally using HTTPS. 

Encryption

Our API and application endpoints are SSL only.  

Network and application security

Data hosting and storage

AWR data is stored in Amazon Web Services (AWS) facilities us-east in the USA, who is compliant with the EU-US and Swiss-US Privacy Shield Framework and GDPR

Application runtime

AWR has an uptime of 99.9% or higher, for situations which are independent of the service infrastructure and data sources.

AWR is served 100% over HTTPS. 

Third party account data connections

External data sources accounts are linked to AWR via OAuth standard protocol. The linked account connection resources are authorized to AWR server without sharing access to user credentials. 

Additional Security Features

Employee awareness and secure workstations

Access to customer data is limited to authorized employees only, who require it for their job. 

Data access permission

Customer data is limited to authorized employees only, only after user-end permission has been granted (explicit or by agreeing with the application Privacy Policy and Terms of Service). 

Data loss and Incident Response Policy

In the exceptional event of a data loss or potential security breach, you will be contacted immediately and be kept updated in real-time as AWR dedicated team assesses the situation. 

There’s an active protocol which includes escalation procedures, rapid action and mitigation. By all means, the main purpose is to secure and recover the incidental data. 

A full incident report will be made available by AWR direct communication channels should any incidents occur.

Do you have any other questions? Don’t hesitate to get in touch and we will keep building the FAQ.

Did this answer your question?