Your security is our top priority

Data protection is vital for every business, but especially yours. At Avoma, we take every measure possible to ensure your data is protected and safe.

Data Center and Network Security

Avoma hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3 and ISO 27001. See Amazon's compliance and security documents for more detailed information.  100% of Avoma's primary application servers are located within Avoma's own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Application Security

Web application architecture and implementation are built in Elixir/Erlang with the Phoenix framework and OWASP guidelines.  Avoma conducts application penetration testing by a third party at least annually in addition to Avoma's continued internal testing and review program.

Data Security

All connections to Avoma are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.  We use industry-standard AWS-managed PostgreSQL RDS and ElasticSearch data storage systems hosted within AWS.

Security and Development Practices

  • Design of all new product functionality is reviewed for security impact, with Avoma conducting mandatory code reviews for all changes to the code. Avoma’s development and testing environments are separate from its production environment. All code development is done through a standard process. 
  • Vulnerability Disclosure Process – Avoma considers privacy and security to be the core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would be eager to hear from you. 

Please reach out to us at with questions. We have a policy of responding to security reports within 24 hours.