ALTO considers protection of subscriber data a top priority. As further described in this Information Security Policy, ALTO uses commercially reasonable organizational and technical measures designed to prevent unauthorized access, use, alteration or disclosure of subscriber data stored on systems under our control.
ALTO limits its personnel’s access to subscriber data as follows:
ALTO provides industry-standard encryption for subscriber data as follows:
ALTO uses firewalls, network access controls and other techniques designed to prevent unauthorized access to systems processing subscriber data.
ALTO maintains measures designed to assess, test and apply security patches to all relevant systems and applications used to provide the Services.
ALTO monitors privileged access to applications that process subscriber data, including cloud services.
The Services operate on Supabase and Amazon Web Services (“AWS”) and are protected by the security and environmental controls of Supabase and AWS. Detailed information about Supabase security is available here. Detailed information about AWS security is available here and here. For AWS SOC Reports, please see here.
Subscriber data stored within Supabase is encrypted at all times. Supabase does not have access to unencrypted subscriber data.
If ALTO becomes aware of unauthorized access or disclosure of subscriber data under its control (a “Breach”), ALTO will: