We take protecting your data seriously.


Our infrastructure

System architecture

Advize’s architecture is designed to be secure and reliable. We use an n-tier architecture with firewalls between each tier and additionally within certain tiers between services. Services are accessible only by other services that require access. Access keys are rotated regularly and stored separately from our code and data.

Failover and disaster recovery

Advize is designed to be fault tolerant. Our services are fully redundant with replication and failover across multiple AWS regions in separate data centers.

Data centers

The Advize application is hosted in Amazon Web Services (AWS) secure data centers. These data centers are accredited under the following standards:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.

Vulnerability scans & pentesting

Advize uses security tools to continuously scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported. The system regularly undergoes third-party security reviews and penetration testing to identify potential vulnerabilities and ensure that they are addressed.



Our servers are protected by firewalls and not directly exposed to the Internet.

How we handle data

Data storage

Advize data stores are accessible only by servers that require access. Access keys are stored separately from our source code repository and only available to the systems that require them. Additionally, production environments are sandboxed from testing environments.


We maintain secure encrypted backups of important data for a minimum of 30 days. We do not retroactively remove deleted data from backups, as we may need to restore it if it was removed accidentally. Backup data is fully expunged after 90 days.


We aggregate logs to secure encrypted storage. All sensitive information (including passwords, API keys, and security questions) is filtered from our server logs. Log data is fully expunged after 90 days.


Advize is GDPR compliant.

  • Rule-based data retention policy allows for compliance with deletion requests and suppression of incoming data.
  • Full data export.
  • All customer data is deleted within 24 hours of account deletion.



All passwords are only stored as an irreversible cryptographic hash. All sessions expire after a period of inactivity.


We monitor and rate limit authentication attempts on all accounts.



Advize’s web traffic is served over HTTPS and HTTPS is forced for our API, web app and public website. HSTS is used to ensure that browsers communicate with our services using HTTPS exclusively.


All of our databases, including backups, are fully encrypted at rest using industry-standard encryption algorithms.



Advize utilizes comprehensive, frequently updated security policies that cover a range of topics.

Incident response

Advize maintains a defined protocol for responding to security incidents.

Security training

All employees must complete security training when they join, and this training is continually refreshed.

Employee vetting

All employees undergo thorough background checks that include criminal record checks and employment verification.


All employees sign confidentiality agreements with Advize.

PCI compliance

We use Stripe for all credit card payment processing. Stripe's security practices and PCI compliance information can be found on their Security page.


If you have any concerns or discover a security issue, please email us at and we will quickly investigate.