> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runalloy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQs

> Want to learn more about how we handle best practices at Alloy? See our FAQ below. If you still don't see an anwser you're looking for, be sure to contact your support rep.

You can also visit our security page [here](https://runalloy.com/security/) to learn more.

<AccordionGroup>
  <Accordion title="What is SOC 2?">
    SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
  </Accordion>

  <Accordion title="What the Alloy SOC 2 Report?">
    Alloy's annual SOC 2 report tests our controls to ensure we are in continuous compliance with SOC 2 requirements. This means ensuring our systems are secure, safe, and that our personnel follow a set of security best practices.
  </Accordion>

  <Accordion title="Are you SOC 2 Type I and II compliant?">
    Yes. Alloy is SOC 2 Type I and II compliant.
  </Accordion>

  <Accordion title="How can I view the Alloy SOC 2 report?">
    Contact your account rep to request a copy of the Alloy SOC 2 Report.
  </Accordion>

  <Accordion title="Is an NDA required to receive Alloy SOC reports?">
    Yes, an NDA is required to review the Alloy SOC 2 reports. Please contact us to begin the process.
  </Accordion>

  <Accordion title="Where are your data centers located?">
    Alloy is hosted on the AWS Cloud. Our primary data center is hosted in the US region.
  </Accordion>

  <Accordion title="How can I request specific merchant data be deleted in Embedded?">
    We provide compliance endpoints which are better described in our API reference. These endpoints allow you to search for a specific user and wipe all data from Alloy servers for that account.
  </Accordion>

  <Accordion title="Do you have an SLA?">
    Yes! We have a standard SLA which is available [here](https://runalloy.com/sla/). If you require a custom SLA, please contact your account rep to discuss options for an additional fee.
  </Accordion>

  <Accordion title="How scalable is your infrastructure?">
    Very scalable. Don't believe us? We count companies as large as Amazon and Burberry among our customers. We've processed billions of API requests through our servers. We invest heavily in infrastructure at Alloy. You can read more about our infrastructure in our SOC 2 Report.
  </Accordion>

  <Accordion title="How is data stored at rest?">
    All data is encrypted at rest using bank-level AES-256 bit encryption. All information is encrypted in tranit with TLS/SSL. We've received a A score from [Qualys SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=runalloy.com).
  </Accordion>

  <Accordion title="How can I ensure that an outgoing request from Alloy is really coming from Alloy and not being spoofed?">
    We provide an RSA signature you can reconstruct which is signed against our public key. This allows you to always ensure outgoing requests are coming from Alloy.
  </Accordion>

  <Accordion title="Do you support SSO?">
    Yes! We support Google and Shopify Single Sign-On (SSO).
  </Accordion>

  <Accordion title="How do you internally audit code at Alloy?">
    We audit code a number of ways to mitigate the chances that bugs are ever seen in production: every line of code undergoes a peer review, has to pass a battery of automated test cases, manual quality assurance and static code analysis.
  </Accordion>

  <Accordion title="Do you undergo penetration tests?">
    Yes! We regularly undergo routine penetration tests to ensure our ongoing SOC 2 compliance and work to quickly remedy any penetration tests findings.
  </Accordion>
</AccordionGroup>