Frequently Asked Questions
What data does Alloy store?
When provisioning a user account, we store your full name, email address, and (optionally) a profile photo.
While using Alloy, users can import and directly enter text data. To best understand the data that your organization expects to store in Alloy, we recommend talking to the individuals who will be entering data into our system. Most individuals will use Alloy to store work planning data such as information about projects, goals, objectives, and teams.
Where does Alloy store data?
We store data in Amazon Web Services (AWS) data centers in the United States. Your data will be stored in us-west-2 (Oregon) with database replication to us-west-1 (N. California) for backups.
Is Alloy SOC 2 compliant?
We're actively pursuing SOC 2 Type II certification with the vast majority of necessary controls already in place. We expect to complete our audit and receive certification by early 2026.
Do you fill out security assessments?
Yes. We are happy to fill out security assessments on request – please contact us.
Is external penetration testing performed, and has the platform been reviewed by an independent third party?
Yes to both. Our external penetration tests are performed at least annually, with the most recent test and comprehensive review completed on the 7th of May 2024. All findings were remediated.
Is your data encrypted?
Yes, Alloy provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS 1.2 and 1.3).
Do you provide SAML, Single Sign-On (SSO), or advanced authentication controls?
Yes. We provide SSO on our Enterprise plan. It is compatible with most IdPs and supports both the SAML and OIDC protocols. Please contact us with your specific requirements for more information.
Do you have a list of subprocessors?
Yes, an updated list of data subprocessors is available by request. Contact us at support@alloy.app and we'll be happy to help.
How can I report security issues and vulnerabilities?
Alloy takes security issues and vulnerabilities very seriously. If you believe you have found a security issue, please contact us at security@alloy.app and we'll review it as soon as possible.
Does Alloy have a bug bounty / responsible disclosure program?
Yes. Alloy has a private Bug Bounty program that rewards researchers for finding and reporting security vulnerabilities. For more information, or to report a vulnerability, please visit our Responsible Disclosure page or reach out to us at security@alloy.app.
How can I access, transfer, or delete my data?
Contact us at support@alloy.app and we'll be happy to help.