Security & Compliance at Avento
At Avento, we prioritize the security and privacy of your data. Our comprehensive security program is designed to protect your information and ensure compliance with global regulations and industry standards.
This page outlines our security practices, compliance framework, and the measures we take to maintain the highest level of protection for your data. Our security strategy is built on multiple layers of protection, continuous monitoring, and regular testing to stay ahead of emerging threats.
Enterprise-Grade Security
Advanced protection measures to safeguard your data at all times.
Compliance Excellence
Meeting and exceeding global security and privacy standards.
Transparent Practices
Clear security policies and processes you can trust.
Security Overview
Security Philosophy
Our security approach is founded on the principle of defense in depth. We implement multiple layers of security controls throughout our infrastructure and application stack. We believe in proactive security measures, continuous improvement, and transparency with our customers.
We approach security as a shared responsibility between Avento and our customers, providing you with the tools, controls, and information needed to configure security settings that meet your specific requirements.
Organizational Approach
Security at Avento is not just a technical function but an organizational priority. Our security team works across all departments to ensure that security considerations are built into every aspect of our operations, from product development to customer support.
We maintain a dedicated security team led by our Chief Information Security Officer (CISO), who reports directly to the CEO. This team is responsible for implementing and maintaining our security program, conducting regular risk assessments, and ensuring compliance with industry standards and regulations.
Technical Safeguards
Encryption
- TLS 1.3 for all data in transit
- AES-256 encryption for data at rest
- End-to-end encryption for sensitive communications
- Encryption key management with automatic rotation
Access Controls
- Multi-factor authentication (MFA) enforcement
- Role-based access control (RBAC)
- Least privilege principle implementation
- Automated access reviews and approvals
Infrastructure Security
- Network segregation and firewalls
- DDoS protection and mitigation
- Secure cloud infrastructure with redundancy
- 24/7 infrastructure monitoring
Advanced Security Features: Enterprise customers have access to additional security features including custom retention policies, advanced audit logging, and dedicated security controls.
Operational Security
Employee Access
We strictly control employee access to customer data through a combination of technical controls and operational procedures:
- Just-in-time access provisioning for support and maintenance
- Automated access logging and anomaly detection
- Background checks for all employees with access to sensitive systems
Security Training
All Avento employees undergo comprehensive security training:
- Initial security orientation for new hires
- Quarterly security awareness training
- Role-specific security training for technical teams
- Regular phishing simulations and testing
Vendor Management
We carefully vet and monitor our vendors to ensure they meet our security standards:
- Comprehensive security assessment before vendor onboarding
- Annual vendor security reviews
- Data processing agreements with all vendors handling customer data
- Continuous monitoring of vendor security posture
Compliance Framework
Industry Standards
Regulatory Compliance
GDPR
Full compliance with the General Data Protection Regulation for all European users. We serve as both a data controller and processor.
CCPA/CPRA
Compliance with the California Consumer Privacy Act and California Privacy Rights Act requirements for California residents.
HIPAA
For healthcare customers, we offer Business Associate Agreements (BAAs) and maintain HIPAA compliance for protected health information.
Certifications
Our security and compliance certifications are regularly audited and updated. You can request our latest certificates through your account manager or via our compliance contact form.
Data Breach Procedures
Our Commitment: While we implement extensive measures to prevent security incidents, we maintain robust processes to detect, respond to, and remediate any potential data breaches quickly and effectively.
Detection
- 24/7 automated security monitoring
- Advanced threat detection systems
- Regular security log reviews
- Intrusion detection and prevention
Response Plan
- Dedicated incident response team
- Documented incident response procedures
- Regular incident response drills
- Post-incident analysis and improvement
Notification Process
- Timely customer notifications
- Regulatory reporting as required
- Clear communication about impact
- Remediation recommendations
Breach Response Timeline
Detection & Classification
Immediate investigation following alert to determine severity and scope
Containment & Mitigation
Rapid action to limit impact and prevent further data exposure
Customer Notification
Within 72 hours for confirmed breaches affecting customer data
Regulatory Reporting
As required by applicable regulations (GDPR, etc.)
Post-Incident Analysis
Comprehensive review to prevent future incidents
Security Testing
Vulnerability Management
Our comprehensive vulnerability management program includes:
- Automated vulnerability scanning of all systems
- Risk-based prioritization of vulnerabilities
- Defined SLAs for remediation based on severity
- Regular reporting to leadership on vulnerability status
Remediation Timeframes
Penetration Testing
We conduct regular penetration testing to identify and address security weaknesses:
- Quarterly internal penetration tests
- Annual external penetration tests by third-party security firms
- Testing of both infrastructure and application layers
- Simulated social engineering attacks
Testing Methodology
Our penetration tests follow industry-standard methodologies including OWASP Testing Guide and NIST SP 800-115. Tests are conducted by certified security professionals (OSCP, CEH, GPEN) with extensive experience.
Customers with Enterprise plans can request summaries of our penetration test findings, with appropriate confidentiality agreements in place.
Continuous Security Assurance
Beyond scheduled testing, we maintain continuous security verification through automated scanning, code reviews, and runtime application protection. Our security testing is integrated into our development pipeline, ensuring security issues are identified and addressed early in the development process.
Bug Bounty Program
We partner with the security community to help identify and address security vulnerabilities through our bug bounty program. We welcome responsible disclosure of security vulnerabilities from external security researchers.
Program Scope
The following are in-scope for our bug bounty program:
- The Avento.space web application
- All Avento mobile applications
- Avento API (api.avento.space)
- User authentication systems
Out of Scope
- Social engineering
- Denial of Service attacks
- Physical security
- Third-party services
Reward Structure
Critical Vulnerabilities
$5,000 - $10,000
Remote code execution, authentication bypass, data exfiltration
High Severity
$1,000 - $5,000
SQL injection, XSS, CSRF with significant impact
Medium Severity
$250 - $1,000
Information disclosure, limited access control issues
Low Severity
$50 - $250
Minor configuration issues, non-sensitive information disclosure
Submission Guidelines
- Submit reports via our secure submission portal
- Provide detailed reproduction steps
- Include proof of concept when applicable
- Explain potential security impact
Response Timeline
- Initial acknowledgment: 24-48 hours
- Triage and assessment: 5 business days
- Reward determination: 10 business days
- Payment processing: 30 days after determination
Contact Security Team
Security Contact Information
Our security team is available to address your questions and concerns about Avento's security practices and policies.
Response Times
Initial Acknowledgment
We aim to acknowledge all privacy inquiries within 24 hours of receipt.
General Privacy Inquiries
Response to general privacy questions and clarifications.
Data Subject Requests
For data access, deletion, or modification requests in compliance with applicable laws.
For Enterprise Customers
Enterprise customers have access to expedited security support and can request:
- Security assessment documentation
- Custom security configurations
- Dedicated security reviews
- Enhanced security SLAs