Security

Enterprise-grade security

Your data security is our top priority. SOC 2 certified, encrypted, and monitored around the clock.

  • SOC 2 Type II Certified
  • 99.99% Uptime SLA
  • AES-256 Encryption Standard
  • < 1 hr Incident Response

Data Protection

  • All data encrypted at rest using AES-256
  • TLS 1.3 for all data in transit
  • Regular penetration testing and security audits
  • Data residency options for EU customers
  • Automatic backups with 30-day retention

Encryption & Access

  • End-to-end encryption for sensitive data
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • API key scoping with fine-grained permissions
  • Session management with automatic timeout

Compliance

  • SOC 2 Type II certified
  • GDPR compliant with DPA available
  • CCPA compliant
  • PCI DSS Level 1 compliant (via payment partners)
  • Annual third-party security audits

Infrastructure

  • Hosted on AWS with multi-AZ deployment
  • 99.99% infrastructure uptime SLA
  • DDoS protection via Cloudflare
  • Web Application Firewall (WAF)
  • 24/7 monitoring and alerting

Monitoring

  • Real-time intrusion detection
  • Anomaly detection for suspicious behavior
  • Comprehensive audit logging
  • Incident response SLA under 1 hour
  • Security incident notification within 24 hours

Privacy

  • Minimal data collection principles
  • No selling of customer data
  • Right to deletion support
  • Data export capabilities
  • Transparent privacy policy

Security FAQ

Where is my data stored?

All data is stored on AWS infrastructure in the US (us-east-1). EU data residency is available for Business and Enterprise plans, with data stored in eu-west-1 (Ireland).

Do you have SOC 2 certification?

Yes. Affilify has completed SOC 2 Type II certification. We can share our audit report under NDA upon request.

How do you handle security incidents?

We have a dedicated incident response team with an SLA of under 1 hour. Affected customers are notified within 24 hours of a confirmed incident, with full post-mortem reports published.

Can I sign a DPA?

Yes. We offer a standard Data Processing Agreement for all customers. Enterprise customers can request custom DPA terms.

How is affiliate payout data protected?

Payout data (bank details, PayPal emails) is encrypted at rest with AES-256 and in transit with TLS 1.3. Access is restricted to the payout processing service only.

Report a Vulnerability

We take security seriously. If you've found a vulnerability, please report it responsibly. We offer a bug bounty program for qualifying reports.