Overview

We know your strategy and roadmaps are extremely important to you and your business, and we take protecting them seriously. After all, our own business and product plans (and the plans for thousands of other companies) are hosted with Aha! as well. This is why every Aha! plan includes secure network communications over HTTPS and data encryption at rest.

The Aha! software and security infrastructure is architected to be one of the most secure and high-performance enterprise SaaS environments available today. It provides an extremely scalable and highly reliable platform that enables customers to set brilliant product strategy, define customer requirements, and build and share visual roadmaps quickly and securely.

World-Class Protection

Aha! encrypts all communication between customers and our data centers through Advanced Encryption Standard (AES) 128-bit encryption. All login and post-login web pages in Aha! are served over SSL. Aha! protects its system infrastructure by using dedicated firewall and VPN services to block unauthorized system access.

Tight access control systems are enforced. Aha! employees are not able to access customer data unless specifically required to do so for support reasons.

  • ISO 27001 Compliance

  • ISO 27001

    Aha! is ISO 27001 certified. This certification demonstrates our commitment to information security at every level of the organization.

    ISO 27001 is an overarching management process to ensure that information security controls are in place on an ongoing basis. ISO 27001 certifies that Aha! has completed a rigorous evaluation of information security risks.

    More information about ISO 27001 is available here.

  • EU-U.S. Privacy Shield

  • EU-U.S. Privacy Shield Framework

    Aha! complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Aha! has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.

    More information about EU-U.S. Privacy Shield Framework is available here.

Built-In Security

In addition to the security provided through the Aha! hosting environment and our own operational policies, there are many additional protective capabilities built into the application itself. Those capabilities include:

  • Single sign-on (SSO)
  • Two-factor authentication (2FA)
  • Sophisticated user permissions
  • Activity stream (for audits)
  • History of all changes (for audits)
  • Features and ideas export
  • Passcodes to secure presentations
  • Data encryption at rest
  • Anti-virus scanning*
  • IP address access control*
  • Account backup and export*

* Available for Enterprise+ plan customers

Secure Data Centers

The Aha! cloud infrastructure is housed in highly secure, distributed data centers, which use state of the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24 hours a day by trained security guards, and access is authorized strictly on a least privileged basis.

Data Center Compliance

  • SOC 1
    SOC 1
  • SOC 2
    SOC 2
  • SOC 3
    SOC 3
  • ISO 9001
    ISO 9001
  • ISO 27001
    ISO 27001
  • PCI
    PCI

Environmental systems in the data centers are designed to be redundant and minimize unforeseen disruptions and all personnel must be screened when leaving areas that contain customer data.

Aha! was designed from the ground up for massive, multi-tenant SaaS operations. Separation of customer account data and user permissions are baked in at every level in the software stack. This "secure by design" approach reduces the likelihood of accidentally introducing security holes in future releases.

Verifying Our Security

We understand that you are trusting Aha! with important information. But since you cannot physically visit our data centers or review the software, how can you be sure that we have the right security controls in place?

It starts by understanding our background. The founding team has built six software companies -- the last two were acquired by Aruba Networks [ARUN] and Citrix [CTXS] respectively after deep due diligence.

You can also look to the fact that more than 100,000 users trust Aha! and it is one of the fastest growing enterprise SaaS companies. But most importantly, the answer lies in the actions that we take to protect your data.

Aha! regularly undergoes third party network and application security scans. We also have a significant list of compliance certifications for the Aha! platform. Each certification means that an auditor has verified that specific security controls are in place and operating as intended.

Customers in our Enterprise+ plan can take advantage of our Concierge service to further review our security practices and learn more.

Fred-mojo-2_w440px

Roadmap software to manage your products.
Finally, connect strategy to execution.