Security is our top priority

Axify is committed to being the most trusted platform for software development teams. Data protection, quality and integrity are at the core of our operations. As a result, companies of all sizes and backgrounds choose Axify to improve their software delivery performance.

Axify-securite_section1
data security is axify's top priority

We're not taking any risks

We are committed to providing a transparent and secure experience to all our customers and users. Our team adheres to software security best practices, and we work with independent firms to test Axify's security.

The question on everyone's mind: do we have access to your code?

The answer is simply: no.

Trusted by elite dev teams

StatsRadio logo blanc
Nexapp logo blanc
QoHash logo blanc

How do we ensure data security?

axify-pictogrammes_adn

Customer trust is in our DNA

We maintain the highest data privacy and security standards because we know it's necessary to keep your data secure.

axify-pictogrammes_amazon

Secure and reliable infrastructure

Axify uses Amazon Web Services (AWS) to host staging and production environments. AWS data centers are monitored by 24×7 security, biometric scanning, and video surveillance and are SOC 1, SOC 2, and SOC 3 certified, a world-class safety guarantee.

axify-pictogrammes_check

Secure software development

The development team considers the OWASP Top 10 when planning tasks. In addition, all new code must be peer-reviewed before a developer can merge it onto the common core.

axify-pictogrammes_cadenas

Limited access to data

No organization, management, or marketing member has access to customer account data without prior written notice from the customer.

axify-pictogrammes_fleche

Sensitive data dissociated from application data

Sensitive data is segregated from the master database for protection in case of a breach. Furthermore, our data is encrypted both at transfer and repos.

axify-pictogrammes_attention

Incident management

In the unlikely event of a security breach, Axify will notify clients within 48 hours, and we will fix vulnerabilities ASAP.

axify-pictogrammes_clef

Proactive measures to limit our attack surface

We use a multi-tenant approach, meaning that even if a fraudster were to access a key, the other clients are protected. In addition, we can roll back to a later version in a few minutes in case of failure.

axify-pictogrammes_loupe

Active monitoring of our system usage

We have alarms when a certain number of queries is reached in a given period. In addition, we monitor our server usage and the number of database accesses and queries.

axify-pictogrammes_robot

Monitoring of the libraries we use

We periodically run static analysis commands to detect vulnerabilities. In addition, our "bot" nicknamed Bob the Builder systematically updates our libraries to limit exposure to security flaws in an old version of a library.

Axify-securite_section3

What about privacy?

Axify is committed to protecting your personal information. For more details, see our privacy policy.

Frequently asked questions

What information do you store?

Only the answers to team morale surveys and the scores of the various axes are currently persisted. In addition, each integration can persist data as needed.

Do you have access to our code?

No, we don't have that access. Our analysis and calculations use only the metadata of the pull requests. You have complete control over the permissions you grant us at all times.

How is our access managed (SSO, bastion, etc.)?

AWS SSO manages access to AWS accounts with Nexapp's Google organization. Only Nexapp Ops can assign members to Axify, and only the Axify development team has access to development and staging accounts. If there is a need to access the private resources of the application's internal network, a bastion accessible by SSH from Nexapp's VPN is required.

How many employees have access to the Axify production environment?

Only the development team actively working on the product has access to the production environment. As of March 2022, only six developers have access to this environment. No other member of the organization (management or employees) has access to it.

Who has access to customer code data?

The data sources are only accessible from AWS. The production account is managed via automation (infra-as-code) and is only accessible to the Ops team. If there is a need for access to the databases, it is possible to temporarily set up a bastion in the internal network, which needs to be authenticated by SSH from the Nexapp VPN.

Is the data encrypted end-to-end, during transfer and at repos?

Our data is encrypted both at transfer and repos. In addition, all databases are independently encrypted.

Where is this data hosted?

Axify's infrastructure uses mainly AWS services to manage and deploy its infrastructure. The use of Amazon PaaS allows for robust IT security and flexibility in deployments. Microsoft Teams Bots are hosted on Azure. DNS are managed from CloudFlare.

Is it possible to get information about an answer given by a specific individual to the team morale questions?

As the answers to chatbot questions are anonymous, this is not possible.

Security questions or issues?

Reach out to us, and we will get back to you as soon as possible.