Security

We understand the importance of protecting your data and are committed to ensuring confidentiality and privacy. Data is encrypted, storage is secure, and access is strictly controlled.

Reliability

Anduin’s infrastructure and applications are architected to achieve a high level of business continuity, which includes disaster recovery (DR) and high availability (HA).

Our DR solutions provide fully automated failover to a backup system so that our services continue to operate without disruption. Customer data is continuously replicated across multiple availability zones on Amazon Web Services (AWS). In addition, all databases and document storage systems are backed up several times a day.

Our HA solutions aim to offer 99.9% uptime. We employ a multi-layered approach to achieve this goal: rapid scaling in response to workload, application resilience to user errors and infrastructure failures, data resilience to corruption, and infrastructure resilience to environmental failures (e.g. host failure, network partition).

Authentication

Anduin enforces a strong authentication flow from user login to every single API request: our servers verify that users are who they claim to be. We use industry-standard controls to achieve this:

  • Two-factor authentication (2FA)
  • Single sign-on (SSO)
  • Strong password policy
  • Time-outs for authenticated sessions
  • Standard authentication protocols for integration (OpenID Connect, OAuth 2.0, and SAML 2.0)
  • Signed JSON Web Tokens (JWTs) to protect authentication data in transit from tampering
  • Encryption to protect authentication data at rest

Permission

As a multi-tenant platform, our system enforces a strict authorization flow at every data access point: users are prevented from accessing data they have no right to access.

Role-based security

Access rights are determined by a well-defined system of roles, for example:

  • Deal owner
  • Deal participant
  • Data room owner
  • Data room participant

This approach balances flexible, user-controlled access to data assets against strong enforcement of data access rights.

Pre-authorized access tokens for no-login views

Our platform uses pre-authorized access tokens for secure, predefined actions, e.g. to e-sign, complete a task, or view a report, without logging in. Each token is limited to the specific action it was issued for.
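As an added illustration (this is not Anduin's code or code from this page), the following Python shows how a pre-authorized action token of the kind described above can be issued and verified when it is built as a signed JSON Web Token like those listed under Authentication. The claim names, the in-memory key, and the e-sign/report scenario are assumptions made for the example; the checks it demonstrates are the ones a practitioner would insist on: the server pins the signing algorithm, verifies the signature in constant time, enforces expiry, restricts the token to the one action and resource it was minted for, and refuses replay.

```python
"""Scoped, pre-authorized action tokens built as HS256 JSON Web Tokens.

Hypothetical illustration, not Anduin's code: a token that authorizes one
predefined action on one resource for a limited time (as a no-login e-sign or
report link would carry) and the server-side checks that make it safe to accept.
Constructed sample data; standard library only.
"""
import base64
import hashlib
import hmac
import json
import secrets


class TokenError(Exception):
    """Raised when a token must not be honoured."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_action_token(key: bytes, subject: str, action: str, resource: str,
                      ttl_seconds: int, now: int) -> str:
    """Issue a single-purpose token: who, which action, on which resource, until when."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "sub": subject,
        "act": action,                # the one action this token authorizes
        "res": resource,              # the one resource it applies to
        "iat": now,
        "exp": now + ttl_seconds,
        "jti": secrets.token_hex(8),  # unique id so the server can enforce single use
    }
    signing_input = f"{_json_b64(header)}.{_json_b64(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_action_token(key: bytes, token: str, expected_action: str,
                        expected_resource: str, used_ids: set, now: int) -> dict:
    """Return the claims only if every check passes; otherwise raise TokenError."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must never choose it ("alg": "none", key confusion).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    expected_sig = hmac.new(key, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if now >= claims["exp"]:
        raise TokenError("token expired")
    # Scope: a token minted for "view-report" must be refused by the e-sign endpoint.
    if claims.get("act") != expected_action or claims.get("res") != expected_resource:
        raise TokenError("token not valid for this action/resource")
    # Single use: a consumed token cannot be replayed.
    if claims["jti"] in used_ids:
        raise TokenError("token already used")
    used_ids.add(claims["jti"])
    return claims


def demo() -> dict:
    """Mint one e-sign token, use it once, then show each misuse being refused."""
    key = secrets.token_bytes(32)  # server-side signing key (in practice, held in the secret vault)
    used: set = set()
    t0 = 1_700_000_000             # constructed "now"
    tok = mint_action_token(key, "alice@example.com", "esign", "doc-42", 900, t0)
    hdr, body, sig = tok.split(".")
    claims = json.loads(_b64url_decode(body))
    claims["res"] = "doc-99"       # attacker edits the payload but keeps the old signature
    forged = f"{hdr}.{_json_b64(claims)}.{sig}"
    alg_none = f"{_json_b64({'alg': 'none', 'typ': 'JWT'})}.{body}."
    results = {"valid": verify_action_token(key, tok, "esign", "doc-42", used, t0 + 60)["sub"]}
    for name, args in {
        "replay": (key, tok, "esign", "doc-42", used, t0 + 61),
        "wrong_action": (key, tok, "view-report", "doc-42", set(), t0 + 61),
        "expired": (key, tok, "esign", "doc-42", set(), t0 + 901),
        "tampered": (key, forged, "esign", "doc-42", set(), t0 + 61),
        "alg_none": (key, alg_none, "esign", "doc-42", set(), t0 + 61),
    }.items():
        try:
            verify_action_token(*args)
            results[name] = "accepted"
        except TokenError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13s} {outcome}")
```

Running the script prints one line per scenario: the genuine token is accepted once, and the replay, wrong-endpoint, expired, payload-edited and `alg: none` variants are each refused with a distinct reason. In a real deployment the `used_ids` set would live in shared storage and the key in the secret manager, but the order and content of the checks are what matter.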

Encryption

All data transmitted between clients and the Anduin system is encrypted in transit using HTTPS (TLS). Our user data and critical infrastructure configurations are encrypted at rest using AES-256. All encryption keys are protected by an industry-grade secret management tool, and the secret vault itself is protected by a two-person integrity policy, so no single individual can access it alone. We have initiated the process to obtain a SOC 2 Type 1 report on our security design, and subsequently a SOC 2 Type 2 report on the operating effectiveness of our controls.

Protection of customer data

Anduin’s privacy policy can be found here. At Anduin, our customers’ privacy is our first concern. We strive to use information to provide the best possible service while respecting the confidentiality of the information we are entrusted with. Currently, we are compliant with the U.S. ESIGN Act of 2000 for processing customers’ e-signatures, and will soon be compliant with the EU General Data Protection Regulation (GDPR).

Enterprise network security

Internal data access

Data access controls (such as separation of duties) are designed to prevent personnel from mishandling data. These access controls are continually reviewed and updated as necessary.

Monitoring, alert and response

Email security

Audit logs

Compliance

Anduin is compliant with the following:

  • The Uniform Electronic Transactions Act (UETA)
  • The U.S. ESIGN Act of 2000
  • eIDAS (electronic IDentification, Authentication and trust Services), Regulation (EU) No 910/2014 (basic and advanced electronic signature levels)
  • Write Once Read Many (WORM) archiving
  • SOC 2 Type I
  • EU General Data Protection Regulation (GDPR)

See how Anduin can power your next raise