Security and Certifications

Secure your digital assets and ensure data protection, compliance, and accessibility with AIDA

In an increasingly digitized world, the protection of information and compliance with regulations become essential aspects for businesses of any size.

Our goal is to provide you with a reliable and secure solution for the storage, retrieval, and sharing of your documents in the cloud, while ensuring maximum privacy and adherence to current regulations.

AIDA is designed to offer an intuitive and high-performing user experience, without compromising data security. Thanks to the use of the most advanced encryption technologies, a dependable cloud infrastructure, and strict compliance policies, we can guarantee that your information is always protected and accessible only to authorized individuals.


Certifications

AIDA's environment is HIPAA compliant and adheres to GDPR principles.

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that defines the requirements for handling personal protected health data: this ensures that all information in AIDA is treated with the highest level of privacy.

If you have any questions related to our privacy policy and compliance, please contact our Data Protection Officer: privacy@tclab.it.


Infrastructure

AIDA is hosted entirely in AWS’s cloud.

Each piece of infrastructure is inherently redundant, always available and adapts to workloads by using both horizontal scaling and continuous monitoring with automatic recovery routines.

Infrastructure is located across AWS's regions of Ireland, London (UK), Frankfurt (Germany) and North Virginia (US).

The AIDA browser application (www.aidacloud.com) is deployed through a CDN provided by AWS to guarantee the fastest access time and unlimited scaling throughout the world.


Encryption

Data encryption

In transit (end-to-end: from user's endpoint to AIDA): the connection from the user's endpoint is always encrypted using HTTPS with TLS 1.3 (including HSTS).
In transit (inside AWS network): connections between AIDA's cloud resources are always encrypted with HTTPS or similar technologies, and users' data never leaves AWS's own data centers. This includes, but is not limited to, connections between AIDA and the databases needed for processing.
At rest: all data at rest, i.e. all data that is stored in AIDA until the user decides to delete it or it is no longer needed for processing (whichever comes first), is securely stored and encrypted with AES 256 keys.

User account passwords

All user passwords are saved with a strong unidirectional hashing algorithm that is industry standard and will be updated as new standards emerge.

Audit and monitoring

We have put in place automatic notifications that are sent to our engineers as soon as a problem or an error is detected, so they can quickly identify and proactively fix it.

We log KPIs of the infrastructure in order to enable us to proactively intervene whenever anomalies may occur.


Coding best practices and Continuous Deployment

We follow programming best practices such as OWASP Secure Coding Practices to ensure code quality and ease of maintenance. Each time the code changes, it undergoes both automatic and manual review to make sure it can be deployed safely to production.

We also follow TDD (Test-driven development) principles, such as unit testing, integration testing, and automatic UI tests.

We strongly believe in agile development and we have developed techniques that enable us to continuously update the software in production without disrupting users' operations (Continuous Deployment).