Customers worldwide trust ALLO with billions of documents, events, and files, relying on our dedication to data privacy and security. This page explains our methods for protecting your data. As we continually improve and strengthen our security, we will update this information to keep it accurate and complete.
Six layers of protection, from cloud infrastructure to payment handling, applied at every stage of the customer data lifecycle.
ALLO uses Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) across our cloud infrastructure. These providers offer enterprise-grade security including perimeter defenses, biometric access, camera monitoring, and 24/7 on-site personnel. They comply with SOC 1, SOC 2, SOC 3, ISO 27001, HIPAA, and more, verified by third-party audits.
We enforce administrative, technical, and physical safeguards to detect, prevent, and respond to security threats. This ensures that customer data is protected across the entire access and incident lifecycle.
ALLO follows a Secure Software Development Lifecycle (S-SDLC), which includes both automated and manual security reviews. This ensures that security is integrated throughout the entire development process.
Source: CASA Tier 2We maintain encrypted backups of all critical data and use distributed fault-tolerant infrastructure to ensure business continuity. Automated systems handle recovery, ensuring resilience in the event of outages or system failures.
All data in transit is protected using TLS 1.2, and data at rest is encrypted with AES-256, a robust industry-standard encryption method. These protections ensure the confidentiality and integrity of your information.
All credit card information entered on ALLO is processed via Stripe, which is PCI-DSS Level 1 certified, the highest level of certification. Stripe handles all sensitive data; no credit card details are stored on ALLO’s servers.
Source: Stripe SecurityALLO completed CASA Tier 2 validation through the App Defense Alliance. The assessment uses application security requirements aligned with OWASP ASVS, and validation evidence is reviewed by authorized assessors.
Source: App Defense Alliance CASAIf you discover a vulnerability or need security details for a review, email the security team directly.
These details describe ALLO's current security posture and may change as our infrastructure, product, and industry requirements evolve.