TRUST Security & Compliance

Enterprise-grade security & compliance.

Your work, clients and finances in one platform, protected by encryption, strict access controls, continuous monitoring and a compliance program built on recognized frameworks.

Compliance

Built on recognized frameworks

Autovella aligns its program with the standards enterprise buyers expect.

SOC 2-aligned

Security, availability and confidentiality controls designed around the SOC 2 framework. Formal certification is on our roadmap, not yet held.

ISO 27001-aligned

Information-security management designed around the ISO 27001 framework. Certification is in progress, not yet held.

GDPR support

A Data Processing Agreement and tooling to support GDPR and global privacy obligations.

DPDP & CCPA

Designed to help you meet India DPDP and US state privacy requirements.

How we protect your data

Security at every layer

Data encryption

All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Secrets are managed in a dedicated vault and never stored in plaintext.

Access controls

Least-privilege, role-based access with granular permissions and team-based sharing. Enterprise adds SSO and SCIM provisioning. Internal access is restricted and logged.

Audit logs

Every meaningful action is recorded with who, what and when, giving admins a complete, exportable audit trail for compliance and investigations.

Security monitoring

Continuous monitoring, alerting and logging across infrastructure and application layers, with a defined incident-response process and severity timelines.

Backup & recovery

Automated, encrypted backups with tested restore procedures and documented recovery objectives, so your data is protected against loss.

Data protection practices

Data minimization, vetted sub-processors under DPAs, configurable retention, and support for data-subject and deletion requests.

Trust

Policies & documents

Questions

Security FAQ

Not yet. Our security program is designed around the SOC 2 and ISO 27001 control frameworks, and formal certification is on our roadmap. We are happy to share our current security posture and roadmap under NDA, talk to sales.

In transit with TLS 1.2+ and at rest with AES-256. Encryption keys and secrets are managed securely.

Yes, we offer a Data Processing Agreement, support data-subject requests, and use appropriate transfer safeguards.

Audit logs are available to admins, and SSO/SCIM are available on Enterprise plans.

On reputable cloud infrastructure with automated encrypted backups and tested recovery procedures. Regional options are available for Enterprise.

Run your company on a platform you can trust.

Book a 30-minute demo. See your projects, clients, time and invoices come together, no credit card required.

See pricing