We know your strategy and roadmaps are extremely important to you and your business, and we take protecting them seriously. After all, our own business and product plans (and the plans for thousands of other companies) are hosted with Aha! as well. This is why every Aha! plan includes secure network communications over HTTPS and data encryption at rest.
The Aha! software and security infrastructure is architected to be one of the most secure and high-performance enterprise SaaS environments available today. It provides an extremely scalable and highly reliable platform that enables customers to set brilliant product strategy, define customer requirements, and build and share visual roadmaps quickly and securely.
Aha! encrypts all communication between customers and our data centers through Advanced Encryption Standard (AES) 128-bit encryption. All login and post-login web pages in Aha! are served over SSL. Aha! protects its system infrastructure by using dedicated firewall and VPN services to block unauthorized system access.
Tight access control systems are enforced. Aha! employees are not able to access customer data unless specifically required to do so for support reasons.
Aha! is ISO 27001 certified. This certification demonstrates our commitment to information security at every level of the organization.
ISO 27001 is an overarching management process to ensure that information security controls are in place on an ongoing basis. ISO 27001 certifies that Aha! has completed a rigorous evaluation of information security risks.
More information about ISO 27001 is available here.
Aha! complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Aha! has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.
More information about EU-U.S. Privacy Shield Framework is available here.
Aha! complies with the General Data Protection Regulation regarding processing of personal data of people in the European Union.
More information about GDPR is available here.
In addition to the security provided through the Aha! hosting environment and our own operational policies, there are many additional protective capabilities built into the application itself. Those capabilities include:
* Available for Enterprise+ plan customers
The Aha! cloud infrastructure is housed in highly secure, distributed data centers, which use state of the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24 hours a day by trained security guards, and access is authorized strictly on a least privileged basis.
Environmental systems in the data centers are designed to be redundant and minimize unforeseen disruptions and all personnel must be screened when leaving areas that contain customer data.
Aha! was designed from the ground up for massive, multi-tenant SaaS operations. Separation of customer account data and user permissions are baked in at every level in the software stack. This "secure by design" approach reduces the likelihood of accidentally introducing security holes in future releases.
We understand that you are trusting Aha! with important information. But since you cannot physically visit our data centers or review the software, how can you be sure that we have the right security controls in place?
It starts by understanding our background. The founding team has built six software companies -- the last two were acquired by Aruba Networks [ARUN] and Citrix [CTXS] respectively after deep due diligence.
You can also look to the fact that more than 150,000 users trust Aha! and it is one of the fastest growing enterprise SaaS companies. But most importantly, the answer lies in the actions that we take to protect your data.
Aha! regularly undergoes third party network and application security scans. We also have a significant list of compliance certifications for the Aha! platform. Each certification means that an auditor has verified that specific security controls are in place and operating as intended.