SOC-2 Inspired Controls
DPDP Act (India) Ready
GDPR-Aligned
Zero-Trust Access Model
Minimal, premium, credible
Enterprise-Grade Security, Built For Modern AI Workflow
Avidion protects your data with bank-level encryption, strict access controls, verified infrastructure and transparent compliance.
How Avidion Protects Your Data
Data Encryption
At Rest:
- AES-256 encryption for all stored lead data, email drafts, CRM sync data and logs
- Managed keys in AWS KMS
In Transit:
- TLS 1.2+ for all communication between frontend, backend, database, CRM APIs and mail providers
- HSTS enforced across the entire app
Attachments:
- Files uploaded (PDFs, etc.) stored in encrypted object storage (S3)
Infrastructure-Side Security
- Hosted on AWS (ap-south-1, Mumbai)
- Multi-zone redundancy
- Automated backups every 24 hrs (30-day retention)
- Strict firewall rules
- Access only via VPN + IAM least-privilege
- CI/CD integrity checks prevent unauthorized deployments
- Real-time monitoring via CloudWatch + Sentry
Authentication & Access Control
- OAuth 2.0 for Gmail, Outlook, HubSpot, Zoho
- No passwords stored by Avidion
- Session tokens rotated frequently
- JWT with signed and encrypted claims
- Role-Based Access Control (RBAC): Admin, Manager, Sales Rep
- Org-level data isolation using Row-Level Security (RLS)
Data Privacy & Compliance
GDPR-Aligned
• Right to Access
• Right to Delete
• Right to Export
• Data minimization
• Consent-based processing
DPDP Act (India) Ready
• Explicit consent collection
• Purpose limitation
• User data deletion within 72 hours on request
CAN-SPAM + Email Compliance
• Automatic unsubscribe
• Verified-only outreach
• Safe send pacing
• Sender reputation protection
Data Sources & Responsible Use
• Trusted data sources
• Access controls
• Audit logs
• Governed prospecting
• Outreach preferences
AI Safety & Guardrails
1. Safe LLM Usage
- AI never sends an email without human-approved limits
- Verification step before any outbound email
- No harmful content generated
- Context boundaries prevent hallucination

2. Inbox Safety
- Email classification runs in a restricted sandbox
- No unrestricted scanning of emails beyond the user's connected inbox
- OAuth scopes limited to "send", "read" and metadata, not full email deletion
- Anti-spam safeguards with rate limits and jitter

3. Your Data Is Not Used To Train Any LLM
We do NOT:
- Send your data to OpenAI for training
- Share lead lists or emails with any third party
- Use your Playbook or templates as training material
We do:
- Process AI tasks with isolated prompts
- Use short-lived context only
- Delete embeddings on request




How Your Data Flows Inside Avidion
User connects:
- Gmail/Outlook: authenticated OAuth token
- CRM: permissioned
- Calendly: webhook
Flow:
- Lead Management
- Outreach Execution
- Insights & Optimization
Everything stored in:
- Encrypted PostgreSQL
- Encrypted Redis queues
- Encrypted S3
Data Retention & Deletion
Retention
- Logs retained for 30–90 days
- Drafts stored until deleted by customer
- Leads & replies stored until deleted or contract ends
Deletion
- Instant deletion via UI
- Verified removal from all systems within 24 hours
- Full wipe on account cancellation
Exports
- On-demand data export
- Available in standard CSV & JSON formats
- Includes logs, leads, drafts and replies
Incident Responses
Monitoring
- Real-time monitoring with alerts
- AI anomaly detection for suspicious activities
- Automatic circuit breakers if email activity spikes abnormally
Response Plan
- Acknowledgement within 1 hr
- Full forensic analysis
- Status page updates
- Root-cause report within 72 hrs
Security For Enterprise
Premium features only for Enterprise plan:



