Security, Trust, and Privacy at the Forefront

We take the responsibility of capturing and storing your backups seriously. A deep focus on security, trust, and privacy is an integral part of Alcion’s operations, production development, and regulatory compliance.

Hosting Infrastructure Security

Alcion uses Amazon Web Services (AWS) – the world’s most comprehensive and broadly adopted cloud platform – to provide reliable and secure Backup-as-a-Service solutions. Alcion does not use any on-premises infrastructure to deliver its services.

Our AWS infrastructure is strategically distributed across regions in the United States (N. Virginia), the European Union (Ireland), and the Asia-Pacific region (Sydney, Australia) to deliver high performance and ensure compliance with regional data protection regulations and global security standards.

The AWS data centers Alcion utilizes hold numerous industry-leading certifications, ensuring robust security and reliability for our services. Global certifications include, but are not limited to, ISO 27001, ISO 27019, SOC 2 Type II, CSA, and GDPR compliance. The data centers used by Alcion also support numerous regional certifications. More details can be found here.

Alcion employees have no physical access to the data center infrastructure used to provide services. Internal systems, including services used for development, use multi-factor authentication and follow a least-privilege model.

Storage and Encryption

All customer data is always encrypted, in-flight and at rest. In transit, all data transfers are encrypted with TLS. All stored backup data is client-side encrypted using AES-256 with per-customer keys in addition to the object store level encryption applied by AWS. Encryption keys are managed by the AWS KMS service. 

Compliance

SOC 2 Type II is a framework for managing and securing data that is important to the privacy and confidentiality of an organization's data. It is awarded by the American Institute of CPAs (AICPA) to companies that adhere to high standards of data security and privacy.

Alcion is SOC 2 Type II certified, reflecting our uncompromising commitment to data security and privacy. This certification verifies that Alcion has stringent and effective controls and processes in place, ensuring the security, availability, and integrity of our customers’ data. It underscores our relentless pursuit of excellence in providing secure and reliable services, reinforcing customer trust and confidence in our Backup-as-a-Service solutions.

Our SOC 2 report is available under our Mutual NDA (MNDA).

Privacy

GDPR

Alcion diligently complies with the General Data Protection Regulation (GDPR), a regulation designed to empower individuals within the European Union regarding their personal data. Some of the highlights include:

Data Protection and Privacy: At Alcion, we respect our users’ rights to data protection and privacy. We implement robust measures to ensure the security, confidentiality, integrity, and availability of personal data processed through our services. Our systems are meticulously designed to prevent unauthorized access, disclosure, alteration, and destruction of user data.  

Lawful Processing: Alcion adheres to the principles of lawful processing, ensuring that personal data is processed fairly, lawfully, and transparently. We only process data based on legitimate interests, contractual necessities, legal obligations, or explicit consent from the individuals concerned.

Data Subject Rights: Alcion respects the rights of data subjects under GDPR, including the right to access, rectify, erase, restrict, port, and object to the processing of their personal data. We have features in place to facilitate these rights promptly and effectively, allowing users to have greater control over their backup data.

Data Breach Notification: In the unlikely event of a data breach that poses a risk to individual rights and freedoms, Alcion is prepared to notify the supervisory authority within 72 hours of becoming aware of the breach, in compliance with GDPR requirements. Data subjects affected by the breach will also be notified without undue delay.

Data Transfer and Storage: We ensure that personal data transferred outside the European Economic Area (EEA) is adequately protected and transferred in compliance with GDPR requirements. Our partnerships with AWS allow us to leverage their secure, compliant, and high-standard data centers located in the EU (Ireland) for storing and processing European customer data.

Alcion’s Data Processing Addendum (DPA) is available upon request. Questions for our Data Protection Officer can be sent to privacy@alcion.ai.

CCPA

Alcion also adheres to the California Consumer Privacy Act (CCPA), a statutory regulation aimed at enhancing privacy rights and consumer protection for residents of California, United States. Some of the highlights include:  

Consumer Rights and Transparency: Under the CCPA, Alcion recognizes and respects consumer rights to access, delete, and opt-out of the sale of their personal information. We maintain transparent data practices, ensuring consumers are fully informed about how their personal information is used, processed, and shared.

Data Collection and Processing: Alcion maintains clear and comprehensive disclosures about the categories of personal information we collect and the purposes for which they are used. We collect and process consumer information only for legitimate business purposes and do not sell personal information to third parties.

Data Security and Protection: We implement robust security measures and controls to safeguard consumer information against unauthorized access, disclosure, alteration, and destruction. Alcion is dedicated to maintaining the confidentiality, integrity, and security of personal information, providing assurance to our users regarding the protection of their data.

Service Providers and Third Parties: Alcion evaluates and selects service providers and third parties meticulously, ensuring that they adhere to comparable data protection standards and comply with the CCPA requirements. We maintain contractual agreements with all our partners to enforce the protection of consumer information.

Consumer Requests and Responsiveness: Alcion has established mechanisms for consumers to submit requests to exercise their rights under the CCPA, and we are committed to responding to such requests promptly and effectively. Consumers can inquire about their information and request access to, deletion of, or opt-out of the sale of their personal information by contacting privacy@alcion.ai.

HIPAA

Alcion aligns with the Health Insurance Portability and Accountability Act (HIPAA) regulatory requirements. We understand the importance of maintaining the confidentiality, integrity, and availability of Protected Health Information (PHI) and are fully equipped to support our healthcare clients in achieving and maintaining HIPAA compliance.  

We encourage healthcare providers and entities interested in our Backup-as-a-Service solutions to reach out to our sales team to discuss their specific needs and to determine eligibility for signing a Business Associate Agreement (BAA). Our BAAs are designed to clearly outline the responsibilities and expectations of both parties regarding the safeguarding of PHI, in accordance with HIPAA regulations.