Data Security and Privacy

If you have any questions regarding our platform security or if you suspect you have found any vulnerability in our application, please contact us at security@axya.co

SOC 2 Type 2

Axya takes the security and privacy of customer data very seriously.

The platform is built considering security as a prerequisite feature. We follow recommended best practices for secure web development, managing cloud infrastructure and training employees.

We are proud to announce that Axya has successfully completed SOC 2 Type 2 audit and has received a clean attestation report.

This rigorous, independent assessment of our information security practices, policies, procedures, and operations in place validates our dedication and adherence to the SOC 2 standards for security.

For more information about SOC 2, please check out this blog article. You can also explore our Responsible Disclosure Policy and the exceptional security researchers featured in our Hall of Fame.

Secure, Available, and Customizable

Product Security

At Axya, we pride ourselves on delivering a comprehensive solution that combines robust security, uninterrupted availability, and customizable data control. Our product incorporates a blend of essential security features such as role-based access control, strong authentication, and data encryption to safeguard your information.

We understand the importance of your data's availability, which is why we have implemented measures to ensure our product remains accessible at all times. You can rely on Axya to be there when you need it, enabling you to focus on your tasks without disruption. We also believe in putting you in control of your data.

With our platform, you have the ability to customize and define how your data is shared and with whom. We empower you to make informed decisions, grant permissions, and manage access according to your specific requirements.

SSO

At Axya, we strongly advocate and provide SAML Single Sign-On (SSO) as a convenient authentication method. Through SAML SSO, customer administrators can authorize user access to Axya effortlessly, leveraging their existing identity provider or SSO solution. Our system integrates with all major identity providers, ensuring a smooth and efficient access management process.

Authentication

Axya utilizes a trusted and secure authentication and authorization service to safeguard critical identity data. Passwords are securely hashed and salted using industry-standard algorithms, while network communication is protected by TLS with AES encryption.

Role-Based Access Control

At the core of our product design is a robust implementation of role-based access control (RBAC), ensuring a strict separation of authorization for accessing information. We have carefully defined and enforced strict permissions for buyers, suppliers, and administrators, guaranteeing that each role has distinct and appropriate levels of access.


Enhanced Security with MFA Authentication

At Axya, we prioritize your security. That's why we offer Multi-Factor Authentication (MFA) for both users and admins. MFA adds an extra layer of protection by requiring a second form of verification during login. By enabling MFA, the risk of unauthorized access is significantly reduced, providing peace of mind and enhanced security for your accounts and sensitive information.

Confidentiality

All data on our platform is encrypted, both at rest and in transit. Data at rest is encrypted with the industry-standard 256-bit Advanced Encryption Standard (AES-256), while data in transit is protected by SSL/TLS.

Reliable Uptime

At Axya, we prioritize providing dependable service to our users. We maintain an uptime of 99.8% or higher, ensuring that our platform remains accessible and available for your needs. You can rely on Axya to deliver consistent and reliable service, allowing you to focus on your tasks without interruption.

Cloud Security

At Axya, we prioritize the security of your data in the cloud. To achieve this, we have chosen the renowned and secure AWS cloud services as our trusted infrastructure provider.

Our cloud environment is meticulously configured in accordance with the recommended secure practices advocated by AWS. By adhering to these industry-leading standards, we enhance the overall security of our platform, providing you with a robust and reliable cloud-based solution.

Access permission

The cloud is accessed only by authorized and trained employees. We follow the principle of least privilege: employees are granted only the minimum permissions required to carry out their tasks. We use AWS services and data centers located in the Canada region, spread over multiple availability zones.

Web application security

We use a defense-in-depth strategy to protect the cloud components that host our application and hold customer data. The defense layers include a web application firewall (WAF) with rules for detecting and preventing DDoS, XSS, SQL injection, and HTTP flooding, blocking scanners and probes, and blacklisting malicious IP addresses; security groups that restrict access to critical ports; and scheduled server patching.

Disaster and Incident handling

We designed our technology with disaster recovery in mind. We back up customer data in real time and all backups are encrypted. We also have a system in place to protect against accidental deletion of data and to ensure data integrity. We continuously monitor our cloud infrastructure using multiple tools such as CloudWatch and Prometheus. In addition, we have set up multiple channels to communicate alerts, so that remediation actions are taken quickly.

Application Security

Our application is developed following the best security practices recommended for web application development. Our developers are trained in these practices and are regularly made aware of new ones. We have initiatives such as application security reviews and vulnerability testing to ensure that the application remains bug-free and secure throughout our software development lifecycle.

Secure development

Our application is developed using well-known secure open-source frameworks that provide controls to mitigate risks such as SQLi, XSS, and CSRF, as listed by OWASP. We also have scheduled processes for finding and fixing application vulnerabilities.

Testing environments and QA

We use separate environments for testing and production. Before any new feature is deployed to production, it is thoroughly tested across multiple environments, and multiple rounds of QA tests are performed until satisfactory, secure performance is achieved.


HR Security

At Axya we perform background checks on employees and ensure that all employees understand and practice good security hygiene.

Training

All employees receive security training as part of the onboarding process and are also trained on a regular basis.

Policies and confidentiality

We have developed policies that govern the overall security of the company; these are reviewed and refined annually. All employees are bound by a confidentiality agreement.

Contact Us

If you have any questions regarding our platform security or if you suspect you have found any vulnerability in our application, please contact us at security@axya.co