Compliance

Aha! has invested in robust data center infrastructure to ensure strong security and protection. The following certifications mean that an auditor has verified that specific security controls are in place and operating as intended. These certifications provide customers with the proper assurance that we are committed to providing high performance and secure cloud-based services.

Aha! compliance

Aha! is ISO 27001 certified and our Statement of Applicability is available here. ISO is an information security standard published by the International Organization for Standardization, the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification was issued by an independent and accredited certification body based on successful completion of a formal audit process.

Aha! complies with the General Data Protection Regulation regarding processing of personal data of people in the European Union. More information about GDPR is available here.

Data center compliance

The Aha! cloud infrastructure is housed in Amazon Web Services (AWS) data centers, which are considered to be the world's best by industry-leading analyst firm Forrester. AWS provides a broad set of capabilities in terms of data center security, network security, and a significant number of certifications. This level of data center and operational security allows Aha! to be compliant with many of the most stringent industry standards.

Aha! datacenter partner AWS publishes a Service Organization Controls 1 (SOC 1), Type II report. The SOC 1 Type II report covers controls in place at a Service Organization intended to meet the needs of the user entity. The type II report additionally includes an auditor's overview of the operating effectiveness of the controls in place to achieve the control objectives.

In addition to the SOC 1 report, AWS publishes a Service Organization Controls 2 (SOC 2), Type II report. Similar to the SOC 1 in the evaluation of controls, the SOC 2 report is an attestation report that expands the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations.

You can also review the Service Organization Controls 3 (SOC 3) report. The SOC 3 report is a public summary of Amazon's SOC 2 report.

ISO 9001:2008 is the international standard for Quality Management Systems (QMS), published by the International Organization for Standardization (ISO). AWS has undergone a systematic, independent examination of their quality system to determine whether the activities and activity outputs comply with ISO 9001 requirements.

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls. AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, and 27018:2019.

All payments are processed through our third party payment processing vendor, Recurly. Recurly is PCI-DSS Level 1 compliant as a merchant service provider.