Avrentis has not yet completed a SOC 2 or ISO 27001 audit. The platform is built with the controls those frameworks measure and we’re transparent about where we are in each journey.
The way we handle access, change management, security, uptime, and incident response is designed to meet SOC 2 Type II standards. We can walk your team through each of those areas on a review call.
The way we run information security follows the areas ISO 27001 cares about — who can access what, how we protect assets, how we encrypt things, how we run operations, and how we manage the suppliers we use.
The rights your users have under GDPR — to see their data, correct it, delete it, and take it with them — are all supported directly in the product. A Data Processing Agreement is available to sign on request.
The way the platform handles personal data follows what Nigeria's data protection regulation asks for — lawful reason for collecting it, keeping only what's needed, protecting it, and responding quickly if something goes wrong.
If you operate in California, your customers' rights to know what you hold about them, delete it, and opt out of sale are supported. Avrentis does not sell personal data — full stop.
Each provider has a data-processing agreement in place with Avrentis. We notify customers of new sub-processors before onboarding them where we have that obligation under your contract.
Subscribe to sub-processor change notifications through our update subscription form.
The full stack — tenant isolation, RBAC + ABAC, session integrity, audit, encryption.
Read the stackGDPR + UK GDPR-aligned DPA with standard contractual clauses. Signable as-is or negotiated for enterprise.
Request the DPAWhat we collect, why, how long we keep it, and your rights as a data subject.
Read the policyService description, acceptable use, data ownership, liability, termination.
Read the termsReport security issues to security@avrentis.com. We triage within two business days.
Report a vulnerabilityPrimary data in the EU today. In-country/in-region hosting available as an enterprise engagement.
Talk to us about residencyResidency matters for regulated organisations and for customers whose policies require data to stay in a specific jurisdiction. Here is the honest picture.
Primary application data and its backups are hosted in the EU. Document attachments flow through an encrypted object-storage provider at the region configured for our infrastructure tier. The marketing site and edge compute run on a global edge network.
We can provision a dedicated infrastructure tier in another region as part of an enterprise engagement — useful when your policy, regulator, or customer contract mandates data remain in a specific jurisdiction.
Active-passive replication across regions with Customer-selectable primary and documented RPO/RTO. In scoping now; enterprise partners are helping us shape the requirements.