Security
Maximize your data impact, securely and with total control
Information security is part of our DNA at Alkymi, which is why we undergo an annual SOC 2 Type 2 examination and conduct regular business continuity/disaster recovery drills—each led by best-in-class independent auditors and testers.
Alkymi uses third-party security experts to perform yearly penetration tests of our applications. Additionally, we perform static and dynamic code analysis. Hands-on QA as well as automated & synthetic QA is performed prior to any release. All releases are documented in Alkymi's user-facing release notes, and, where applicable, our product documentation is updated. Software features are monitored 24/7 with automated tests and alerting. All of this is in addition to our robust information security program which includes our risk identification and management program, security training, secure development practices, and more.
Alkymi is hosted securely in the cloud through Tier IV SOC 2 and ISO 27001 compliant data centers. Alkymi’s cloud infrastructure is best-in-class, having passed dozens of rigorous enterprise information security reviews. To help protect data in transit, web sessions are encrypted utilizing the transport layer security (TLS) encryption protocol. Data at rest is encrypted using the AES 256 algorithm. SAML-based SSO is available for all deployment models. Alkymi supports custom integrations into a customer's SSO by using OpenID Connect on Auth0. Alkymi also supports SSO through social identity providers that are supported by Auth0 (e.g., Google). We understand our customers’ needs, which is why we have invested in the ability to provide private clouds, support enterprise logins, produce regular audit reports, and support hosting customer data in the EU if required under GDPR.
When using our products and features powered by large language models, customers can choose to leverage Alkymi-hosted LLMs, third-party externally-hosted LLMs, or their own customer-hosted LLMs. Our Alkymi-hosted LLMs are hosted entirely within our cloud environment (or, if applicable, a customer's Private Cloud deployment) and customer data is fully contained within our infrastructure. Where Alkymi leverages optional third-party services, such as GPT models through the enterprise Microsoft Azure OpenAI API, we do our homework so that you can have confidence in where your data passes through and how it is stored. Any third-party services we utilize are HIPAA and GDPR compliant and meet the ISO 27001 standard. When leveraging a third-party LLM, your data is isolated, encrypted both at rest and in transit, and not used to train third-party models. With Alkymi, you can be on the cutting edge of AI without sacrificing your security.
Any of your data stored with Alkymi is encrypted, backed up, and locked down. Alkymi’s runtime infrastructure is protected by a threat detection service that continuously monitors accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. Your data is protected, from import to export.