At AhaSlides, our users’ privacy and online security are our top priority. We’ve taken all the necessary steps to ensure that your data (presentation content, attachments, personal information, participants’ response data, et. al) is kept safe at all times.
AhaSlides Pte Ltd, Unique Entity Number: 202009760N, is hereinafter referred to as “we”, “us”, “our” or “AhaSlides”. ”You” shall be interpreted as the person or entity who has signed up for an Account to use our Services, or the persons who use our Services as a member of an Audience.
AhaSlides maintains a list of Authorised Personnel with access to the production environment. These members undergo criminal background checks and are approved by AhaSlides’ Management. AhaSlides also maintain a list of personnel who are permitted to access AhaSlides code, as well as the development and staging environments. These lists are reviewed quarterly and upon role change.
Trained members of the AhaSlides’ Customer Success team also have case-specific, limited access to user data stored in AhaSlides through restricted access customer support tools. Customer support team members are not authorised to review non-public user data stored in AhaSlides for customer support purposes without explicit permission by AhaSlides’ Engineering Management.
Upon role change or leaving the company, the production credentials of Authorized Personnel are deactivated, and their sessions are forcibly logged out. Thereafter, all such accounts are removed or changed.
AhaSlides production services, user content, and data backups are hosted on Amazon Web Services’ (“AWS”) platform. The physical servers are located in AWS’s data centers in the US East (North Virginia) Region, USA. As of this date, AWS (i) has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, (ii) is certified as a PCI DSS 3.2 Level 1 Service Provider, and (iii) undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports). Additional details about AWS’ compliance programs, including FedRAMP compliance and GDPR compliance, can be found at AWS’ website.
We do not offer customers the option of hosting AhaSlides on a private server, or to otherwise use AhaSlides on a separate infrastructure.
In the future, if we move our production services and user data, or any part of them, to a different country or a different cloud platform, we will give a written notice to all of our signed up users 30 days in advance.
Security measures are taken to protect you and your data both for data at rest and data in transit.
Data at rest
User data is stored on Amazon RDS, where data drives on servers use full disk, industry-standard AES encryption with a unique encryption key for each server. File attachments to AhaSlides presentations are stored in Amazon S3 service. Each such attachment is assigned a unique link with an unguessable, cryptographically strong random component, and are only accessible using a secure HTTPS connection. Additional details on Amazon RDS Security can be found here. Additional details on Amazon S3 Security can be found here.
Data in transit
AhaSlides uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web (including the landing web site, the Presenter web app, the Audience web app, and internal administrative tools) and the AhaSlides servers. There is no non-TLS option for connecting to AhaSlides. All connections are made securely over HTTPS.
Backups and Data Loss Prevention
Data is backed up continuously and we have an automatic failover system if the main system fails. We receive powerful and automatic protection through our database provider at Amazon RDS. Additional details on Amazon RDS Backup and Restore commitments can be found here.
We encrypt (hashed and salted) passwords using the PBKDF2 (with SHA512) algorithm to protect them from being harmful in the case of a breach. AhaSlides can never see your password and you can self-reset it by email. User session time-out is implemented meaning that a logged-in user will be automatically logged out if they are not active on the platform.
We use PCI-compliant payment processor Stripe and PayPal for encrypting and processing credit/debit card payments. We never see or handle credit/debit card information.
We have in place and will maintain appropriate technical and organisational measures to protect personal data as well as other data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of processing (a “Security Incident”).
We have an incident management process to detect and handle Security Incidents which shall be reported to the Chief Technology Officer as soon as they are detected. This applies to AhaSlides employees and all processors that handle personal data. All Security Incidents are documented and evaluated internally and an action plan for each individual incident is made, including mitigatory actions.
Security Revision Schedule
This section shows how often AhaSlides conducts security revisions and conducts different types of tests.
|Staff security training||At beginning of employment|
|Revoke system, hardware and document access||At end of employment|
|Ensures access levels for all systems and employees are correct and based on the principle of least privilege||Once a year|
|Ensure all critical system libraries are up-to-date||Continuously|
|Unit and integration tests||Continuously|
|External penetration tests||Once a week|
Some parts of our offices share buildings with other companies. For that reason, all accesses to our offices are locked 24/7 and we require mandatory employee and visitor check-in at door using a Smart Key Security System with live QR Code. Additionally, visitors must check-in with our front desk and require an escort throughout the building at all times. CCTV covers entry and exit points 24/7 with logs made available to us internally.
AhaSlides’ production services are hosted on Amazon Web Services’ (“AWS”) platform. The physical servers are located in AWS’ secure data centers as stated in section “Data Security” above.
- June 2020: Update to the following section: Physical Security.
- May 2020: First version of page.
Have a question for us?
Get in touch. Email us at email@example.com.