The communication between you and our servers is encrypted with 128-bit SSL/TLS encryption. We use industry standard encryption for data traversing to and from the application servers.

All sensitive data is encrypted at rest with AES. All user passwords are securely hashed; passwords are never stored in plain text.

collect.AI’s computing infrastructure is provided by AWS, a secure cloud services platform. AWS’s physical infrastructure has been accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.

All data access to collect.AI is protected by a role-based access control system (RBAC), which only allows users to view data for which they have authorization. It is not possible for our customers to view data from other organizations.

We regularly check third-party software/services and apply patches. As soon as vulnerabilities are discovered, we will make the appropriate corrections.

We carry out annual penetration tests to ensure the security situation and uncover potential vulnerabilities. We use the services of an independent, qualified third-party provider for VAPT services.

Access to our production infrastructure requires multi-factor authentication and is restricted to authorized personnel only. We restrict access to customer data to those employees who need it to provide support and troubleshooting on behalf of the customer. Customer data is only accessed when required.

All collect.AI employees must complete a training course focusing on compliance, data protection and information security. This also covers industry best practice in relation to typical human attack vectors such as phishing, passwords, attachments, etc.

As part of Aareal Bank, we apply similar industry practices.
We conduct annual external audits with our clients from highly regulated industries such as banking and insurance. We conduct internal audits and risk assessments with our external Information Security Officer and Data Protection Officer.
In terms of information security, we are currently preparing for ISO 27001 certification.

Since 2019, our platform has been audited by TÜV with regard to data protection. We work in compliance with the GDPR in all departments and are prepared for the requirements arising from the EU Data Protection Act.