Security

Enterprise-grade security, every step of the way

Maximize your data impact, securely and with total control

We audit and test for deeper peace of mind

Information security is part of our DNA at Alkymi, which is why we undergo an annual SOC 2 Type 2 examination and conduct regular business continuity/disaster recovery drills—each led by best-in-class independent auditors and testers. 

Alkymi uses third-party security experts to perform yearly penetration tests of our applications. Additionally, we perform static and dynamic code analysis. Hands-on QA as well as automated & synthetic QA is performed prior to any release. All releases are documented in Alkymi's user-facing release notes, and, where applicable, our product documentation is updated. Software features are monitored 24/7 with automated tests and alerting. All of this is in addition to our robust information security program which includes our risk identification and management program, security training, secure development practices, and more.

Enterprise-grade infrastructure

Built for the most thorough IT requirements

Alkymi is hosted securely in the cloud through Tier IV SOC 2 and ISO 27001 compliant data centers. Alkymi’s cloud infrastructure is best-in-class, having passed dozens of rigorous enterprise information security reviews. To help protect data in transit, web sessions are encrypted utilizing the transport layer security (TLS) encryption protocol. Data at rest is encrypted using the AES-256 algorithm. SAML-based SSO is available for all deployment models. Alkymi supports custom integrations into a customer's SSO by using OpenID Connect on Auth0. Alkymi also supports SSO through social identity providers that are supported by Auth0 (e.g., Google). We understand our customers’ needs, which is why we have invested in the ability to provide private clouds, support enterprise logins, produce regular audit reports, and support hosting customer data in the EU if required under GDPR.

Securely leverage LLMs

When using our products and features powered by large language models, customers can choose to leverage Alkymi-hosted LLMs, third-party externally-hosted LLMs, or their own customer-hosted LLMs. Our Alkymi-hosted LLMs are hosted entirely within our cloud environment (or, if applicable, a customer's Private Cloud deployment) and customer data is fully contained within our infrastructure. Where Alkymi leverages optional third-party services, such as GPT models through the enterprise Microsoft Azure OpenAI API, we do our homework so that you can have confidence in where your data passes through and how it is stored. Any third-party services we utilize are HIPAA and GDPR compliant and meet the ISO 27001 standard. When leveraging a third-party LLM, your data is isolated, encrypted both at rest and in transit, and not used to train third-party models. With Alkymi, you can be on the cutting edge of AI without sacrificing your security.

24x7 monitoring, backups, and protection

Any of your data stored with Alkymi is encrypted, backed up, and locked down. Alkymi’s runtime infrastructure is protected by a threat detection service that continuously monitors accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. Your data is protected, from import to export.

Additional best practices at Alkymi

  • Onboarding process: All new employees, contractors and vendors must pass a comprehensive background check including criminal and employment verification checks.
  • Mobile Device Management (MDM): All corporate laptops have hard drives encrypted and are managed by an MDM service with anti-virus, auto-update, and remote-wipe capabilities.
  • Password policy: Complex passwords with a minimum length of 16 characters must be generated by the corporate password manager application. Multi-factor authentication must be enabled for all systems that contain Alkymi or customer sensitive data.
  • Risk management program: Alkymi conducts a risk assessment annually with the goal of identifying and managing opportunities and threats within its people, assets, and operations, in accordance with organizational goals and objectives.