Last updated: Jan 02, 2024

Adaline is committed to securing data, eliminating system vulnerabilities, and ensuring continuity of access. Adaline uses industry-leading technologies and services to secure data from unauthorised access and loss.

Security processes and controls are owned by Adaline’s Chief Technology Officer and are maintained by the engineering & operations teams.

All Adaline employees undergo background checks before starting and are trained on security practices during company onboarding and on an annual basis.

Services covered

This document summarizes the security controls applicable to the Adaline platform, which is made up of the web application, the API and the SDKs. This represents the total surface area of the platform. More detailed documentation describing the platform can be found here.

Related documents

As part of Adaline’s security program, other related documents are:

1. Terms of Service
2. Privacy Policy
3. List of Subprocessors

Infrastructure

Adaline is a cloud first platform and leverages Google Cloud Platform (GCP) as the chosen cloud provider for production workloads:

• Adaline inherits the data center controls as outlined by GCP. Information about security audits received by GCP is available from the GCP security website.
• Adaline is the assigned administrator of the AWS infrastructure and only designated authorized Adaline team members have access to change infrastructure configuration on a least privilege, as needed basis. Two-factor authentication within the virtual private network is required.
• A single instance of the Adaline platform is provisioned in a single environment that is fully contained within its own secure virtual private cloud (VPC) with a firewall configuration that adopts the position of least privilege.
• Any specific private keys required by the platform are stored in a secure and encrypted location.

Data controls

Segregation

Separate environments are provisioned and maintained for the purposes of development, quality assurance/user acceptance testing and production, to ensure data segregation at the environment level.