Security is our top priority

Axify is committed to being the most trusted platform for software development teams. Data protection, quality and integrity are at the core of our operations. As a result, companies of all sizes and backgrounds choose Axify to improve their software delivery performance.

We're not taking any risks

We are committed to providing a transparent and secure experience to all our customers and users. Our team adheres to software security best practices, and we work with independent firms to test Axify's security.

The question on everyone's mind: do we have access to your code?

The answer is simply: no. Our analysis and calculations use only the metadata of the pull requests. You have complete control over the permissions you grant us at all times.

How do we ensure data security?

Customer trust is in our DNA

We maintain the highest data privacy and security standards because we know it's necessary to keep your data secure.

Secure and reliable infrastructure

Axify uses Amazon Web Services (AWS) to host staging and production environments. AWS data centers are monitored by 24×7 security, biometric scanning, and video surveillance and are SOC 1, SOC 2, and SOC 3 certified, a world-class safety guarantee.

Secure software development

The development team considers the OWASP Top 10 when planning tasks. In addition, all new code must be peer-reviewed before a developer can merge it onto the common core.

Limited access to data

No organization, management, or marketing member has access to customer account data without prior written notice from the customer.

Sensitive data dissociated from application data

Sensitive data is segregated from the master database for protection in case of a breach. Furthermore, our data is encrypted both in transit and at rest.

Incident management

In the unlikely event of a security breach, Axify will notify clients within 48 hours, and we will fix vulnerabilities ASAP.

Proactive measures to limit our attack surface

We use a multi-tenant approach, meaning that the other clients are protected even if a fraudster were to access a key. In addition, we can roll back to a later version in a few minutes in case of failure.

Active monitoring of our system usage

We have alarms when a certain number of queries is reached in a given period. In addition, we monitor our server usage and the number of database accesses and queries.

Monitoring of the libraries we use

We periodically run static analysis commands to detect vulnerabilities. In addition, our "bot" nicknamed Bob the Builder systematically updates our libraries to limit exposure to security flaws in an old version of a library.

What about privacy?

Axify is committed to protecting your personal information. For any question or request for information regarding Bill 25 and the management of personal data at Axify, please contact our Data Privacy Officer, Pier-Luc Rodrigue, at plrodrigue@axify.io, or our Security Officer, Bruno Gagnon-Adam, at bga@axify.io. For more details, see our privacy policy.

Frequently asked questions

What information do you store?

Only the answers to team morale surveys and the scores of the various axes are currently persisted. In addition, each integration can persist data as needed.

Do you have access to our code?

No, we don't have that access. Our analysis and calculations use only the metadata of the pull requests. You have complete control over the permissions you grant us at all times.

How is our access managed (SSO, bastion, etc.)?

AWS SSO manages access to AWS accounts with Nexapp's Google organization. Only Nexapp Ops can assign members to Axify, and only the Axify development team has access to development and staging accounts. If there is a need to access the private resources of the application's internal network, a bastion accessible by SSH from Nexapp's VPN is required.

How many employees have access to the Axify production environment?

Only the development team actively working on the product has access to the production environment. As of March 2022, only six developers have access to this environment. No other member of the organization (management or employees) has access to it.

Who has access to customer code data?

The data sources are only accessible from AWS. The production account is managed via automation (infra-as-code) and is only accessible to the Ops team. If there is a need for access to the databases, it is possible to temporarily set up a bastion in the internal network, which needs to be authenticated by SSH from the Nexapp VPN.

Is the data encrypted end-to-end, in transit and at rest?

Our data is encrypted both in transit and at rest. In addition, all databases are independently encrypted.

Where is this data hosted?

Axify's infrastructure uses mainly AWS services to manage and deploy its infrastructure. The use of Amazon PaaS allows for robust IT security and flexibility in deployments. Microsoft Teams Bots are hosted on Azure. DNS is managed through Cloudflare.

Is it possible to get information about an answer given by a specific individual to the team morale questions?

As the answers to chatbot questions are anonymous, this is not possible.

Security questions or issues?

Reach out to us, and we will get back to you as soon as possible.