Software that practically runs itself

We comply with PIPEDA standards.

Our clients' Avanti Databases and all of the associated proprietary data, including all PII, is stored exclusively in Canada. Avanti uses Microsoft Azure and its associated managed data centers in Ontario, and Quebec (for disaster recovery).

Separate and apart from the Avanti Database, Avanti employs third party service providers (e.g., CRM such as Salesforce and Application Process Monitoring services) designed to enhance the services we provide clients. Metadata derived from the use of the Avanti Database (e.g., crash logs, contact information) may be transferred to and processed by a provider outside of Canada.

Avanti employs a multi-layered approach to protecting your data from a security, reliability, and redundancy perspective. These layers are audited and verified as part of our annual SOC 1 Type 2 audit.

Security:
All data at rest, in transit, and backups within the Avanti SaaS Ecosystem is encrypted using AES256 protocols. Each client leverages a unique database which is secured and only accessible by them. All traffic within our network has been subjected to a penetration test.

Reliability:
We actively monitor our data ecosystem for any errors which would indicate a failure in our ability to grant you access to your data or the quality of your data. We want to ensure you have the access you need to your data and that the data you are accessing is correct.

Redundancy:
We maintain hourly transactional backups and daily full database backups combined with daily VM backups. These backups are stored in a geo-redundancy state, meaning we could restore them to a secondary data center within Canada at will. Backups are retained for 90 days. We conduct semi-annual Disaster recovery exercises in which we restore our entire data ecosystem to a secondary site. This ensures that we can commit to restoring your data promptly and that the data is backed up in a usable state.

Issues are identified as part of the Penetration Testing process and are then prioritized according to their criticality and impact to our ecosystem.

In the event of a security incident or unauthorized access to your data, Avanti commits to notifying you as soon as reasonably practical. We will explain the nature and impact of the incident, including the source of breach and an assessment of the data impacted, along with suitable actions that you may need to take, as well as our own remediation plan.

We commit to 99.5% availability between Business Hours, defined as 8:00 am to 5:00 pm in your local timezone.

We have a documented and management-approved incident management plan, which covers Identification & Triage, Investigation, Communication, Resolution and Review & Closedown.

We routinely run data breach and incident simulation exercises to test the efficacy of our planning.

Yes, Avanti Users can have their permissions and access managed by User Class. Class A is for the Admin/Super Users (desktop and Web Access), Class B is for Managers (Web only access and some additional permissions), Class C is for Employees (Web only access). Even within a User Class, there is a high degree of flexibility in managing Access and permissions (e.g., read, write, etc.).

It depends on your Client contract. Typically, we work with any departing client to best support their transition, which may result in purging data shortly after the termination date, or retaining data for a pre-determined time period (potentially including for a fee). Our intent is to support our Client’s needs while reducing the time we retain any sensitive data. For those requesting that we remove their data promptly, we will retain the data for no longer than 90 days in our backups.