In order to make API calls to the various apps we integrate with, we may ask you to link your API key. All API keys are stored using bank level encryption (known as AES256). This is the same encryption technology that the federal government uses for top secret projects (if you're interested in learning more, click here).
Every API key is uniquely encrypted so that we can't even access the data stored in our own system, so rest assured your API keys are safe. If at any point you feel concerned, you are always able to revoke your API key or delete it from the Alloy platform.
Tell me more about your security practices!
Alloy stores all credentials (i.e. API Keys or tokens using AES-256 bit encryption in our database. Decryption credentials are maintained separately in a secure cloud environment)
We use TLS whenever possible and in all external API calls to ensure sensitive information is encrypted
Tokens and secret keys are censored and hidden to the best of our ability from our logs
Data from invoked workflows/jobs is regularly flushed from the system every two (2) hours
Should you have any questions regarding our data practices or how we handle our data, please feel free to contact us at [email protected] and we will promptly get back to you.
For all Google specific APIs, Alloy’s use of information received from Google APIs (including Gmail, Google Drive, Google Sheets, and Google Calendar, etc) adheres to Google’s Limited Use Requirements.
How do you handle data?
Data stored in Alloy is protected with industry best practices including IP whitelisting, encryption at rest, and network peering. That means that your data is always under a constant state of security. Our team regularly performs security audits.
Are you reselling my data?
No! We're not an ad platform so rest assured all your data is secure and we're not reselling it to the highest bidder.
Tell me more about privacy?