Security overview

What’s shared in AllVoices, stays in AllVoices

At AllVoices, we understand that People Teams manage some of the most sensitive and confidential information in any workplace. That's why we're committed to industry-leading security and privacy practices.

Compliance

At AllVoices, our security team develops policies and controls, monitors compliance with established controls, and demonstrates our security compliance to third-party auditors.

GDPR compliant
SOC2 Type 2 compliant
CCPA compliant

Data Protection and Privacy

Encryption safeguards your data at AllVoices

When you report via AllVoices, we ensure your data remains safe and private using top-tier encryption protocols like Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS 1.3). All sensitive data is encrypted at rest and in transit, at a minimum with server-level encryption. For specific fields and collections deemed highly sensitive, we further include tertiary encryption at the row-field level.

Leveraging secure cloud infrastructure

AllVoices leverages modern cloud infrastructure, specifically Amazon Web Services (AWS), to host its APIs and services. AWS is a leading cloud provider renowned for its extensive security measures and compliance with global standards. This strategic choice allows AllVoices to provide reliable, secure services to its clients, maintaining the highest standards of data integrity and confidentiality.

AI and use of LLMs

AllVoices leverages secure, enterprise-level LLMs to empower our customers with state-of-the-art features. Under no circumstance does AllVoices use any customer data to train or improve any AI model or pre-trained LLMs. Refer to AI FAQs for more information.

Data Retention

At AllVoices, we prioritize your privacy. We only retain user and customer data as needed to provide our services or as mandated by regulatory authorities, ensuring full transparency from the start. When you sign an agreement with us, we make it clear what data we collect — no hidden agendas, no misleading practices. Your trust, our commitment. Check out our Data Retention Policy for more information.

Product Monitoring

Independent Penetration Testing

AllVoices partners with reputable industry-leading third-party firms to conduct penetration testing at least once a year. All areas of the AllVoices product, infrastructure, and APIs are within the scope of penetration testing to maximize the coverage and independent analysis of our services.

Continuous Monitoring and Vulnerability Scanning

AllVoices partners with Vanta to continuously monitor our systems and infrastructure as we bring more value to our customers. We also utilize services to continuously monitor package updates and open-source packages for any vulnerabilities. Continuous monitoring ensures we identify any issues head-on without impacting any of our customers.

User Security

1) Multi-factor Authentication

To help ensure a secure account connection, all accounts accessing the platform can add two-factor authentication as an additional security measure. Customers can also configure Single Sign-On (SSO) to make login even more secure and provide you peace of mind.

2) AllVoices Employees

All employees go through thorough background checks, and records are maintained for continuous monitoring. Employee access to production data is limited according to the principle of least privilege, and those who get access sign a confidentiality agreement (NDA). However, customer data remains encrypted regardless of anyone’s production access.

3) AllVoices Computers

We secure our employees’ work machines using anti-malware software to detect any anomalies. Employees are required to use our VPN to access production work sites to eliminate any network-based breach. All work machines have Vanta monitoring installed to ensure technical compliance with internal procedures.

Governance Philosophy

Our philosophy is based on the following fundamentals:

  1. Security controls must be applied consistently across all areas of the organization and services we provide.

  2. Security controls must practice defense-in-depth principles, ensuring multiple layers of controls are implemented for robust and comprehensive protection.

  3. The process of defining and implementing controls must be iterative with a focus on continuous improvement with the goal of enhanced auditability and reduced friction.

  4. The process of granting access must utilize the concept of PoLP (principle of least privilege), meaning that only the minimum level of access required to perform a business task is given.

Frequently asked questions

Got more questions? Email us at support@allvoices.co and we'll respond ASAP.

Security

How does AllVoices protect against unauthorized access?

AllVoices employs multi-factor authentication and strict access controls based on PoLP to protect against unauthorized access.

Does AllVoices conduct regular security audits?

Yes, AllVoices conducts regular security audits, continuous monitoring, and maintains SOC2 compliance. AllVoices also does annual penetration testing with a reputable third-party auditor.

How does AllVoices ensure secure software development?

AllVoices follows a Secure Development Policy with formal change control, version control, and security testing.

How often are security policies reviewed?

Security policies are reviewed annually and updated as needed.

How does AllVoices handle data breaches?

While AllVoices has never experienced a data breach, we have prepared a detailed incident response plan, including notification, containment, and remediation steps.

Has there been a data breach since AllVoices' inception?

No, AllVoices has never experienced any data breach of any kind.

Are third-party vendors assessed for security?

Yes, third-party vendors are assessed for security as part of the vendor management process.

What malware protection is implemented?

Anti-malware software is used on all employee devices, and regular scans are conducted via Vanta and Bitwarden.

What encryption protocols does AllVoices use?

AllVoices uses TLS for securing data in transit and AES-256 for data at rest.

Is AllVoices GDPR compliant?

Yes, AllVoices complies with GDPR and other relevant data protection regulations.

Is AllVoices SOC2 compliant?

Yes, AllVoices maintains SOC 2 Type 2 compliance.

Data Privacy & Retention

What personal data does AllVoices collect?

AllVoices collects minimal personal data (PII) necessary for providing its services and ensures transparency during agreement signing.

Does AllVoices comply with CCPA?

Yes, AllVoices complies with CCPA and other relevant data protection regulations.

Are users informed about data collection practices?

Yes, AllVoices is transparent about data collection practices during agreement signing and in its privacy policy.

How can users request data deletion?

Users can request data deletion by contacting AllVoices support with their specific request.

How long does AllVoices retain user data?

Data retention periods vary based on regulatory and business requirements, and data is securely deleted after termination of the contract or when requested by the user.

Is user data used for AI training?

No, AllVoices does not use personal data of customers to train or improve any AI model or LLM. Likewise, any policy handbook or document uploaded to VERA is not used in any way to improve or train any model.

How much is AllVoices?

Our pricing depends on a few factors, such as the features being purchased and the number of employees at your company. For more information, check out our pricing page.

AI Co-Pilot

What is VERA?

VERA (Virtual Employee Resource Assistant) is an AI-driven tool designed to enhance efficiency in HR case management, investigations, and data.

What AI models power VERA?

VERA leverages GPT-4o, GPT-3.5 turbo and GPT-4 models from OpenAI.

What features does VERA offer?

VERA offers case summarization, auto-drafted messages, data analytics (VERA Insights), task suggestions, support chat and much more.

Can VERA be customized for specific needs?

Yes, VERA can be customized to fit an organization's specific needs, including uploading company policies and handbooks.

Can VERA be disabled if a company prefers not to use it?

Yes, AllVoices allows disabling VERA for any company that prefers not to use it.

Does OpenAI use AllVoices customer data?

No, AllVoices has an enterprise-level agreement with OpenAI to not use any data of any sort for training or model improvement purposes. This means OpenAI never uses your data for model training.

How does VERA handle confidential information?

VERA adheres to strict data privacy standards and does NOT use customer information and data for any AI training.