At Autohive, we know that trusting us with your data is a big deal. That’s why we’ve built security, privacy, and compliance into every corner of our platform. This document walks you through exactly how we protect your information because transparency matters.

Our commitment
We’re committed to building a platform you can trust completely. Your data gets enterprise-level protection at every layer, handled responsibly and secured with the same care we’d want for our own information.

1. Data encryption

We use robust encryption to protect your data whether it’s travelling between your device and our servers or sitting safely in storage.

  • Encryption in transit: All data moving between your device and Autohive servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across our web application and APIs.
  • Encryption at rest: All your conversations, including chats and direct messages, are encrypted using the industry-standard AES-256 algorithm.
  • Advanced Data Protection: To further protect sensitive information, Autohive employs an advanced, multi-layered encryption strategy for workspace and conversation data. Data within each workspace, and even individual conversations, are encrypted with its own unique key, ensuring strict data isolation. Access is tightly controlled so that only authorized members of a specific workspace or conversation can decrypt its contents. All our encryption keys are securely managed using industry-standard protection mechanisms, and all data encryption leverages the robust AES-256 algorithm.

2. Infrastructure and network security

  • Cloud infrastructure: Autohive runs on leading cloud providers such as AWS that are SOC 2 Type II and ISO 27001 certified. This means the underlying physical and network infrastructure meets the highest standards for security and availability.
  • Network isolation: Our application architecture uses multiple layers of network isolation with Virtual Private Clouds (VPCs) and security groups. Traffic between services is strictly controlled, and only necessary connections are allowed.

3. Access control and authentication

We provide robust mechanisms to ensure only the right people can access your workspace and data.

  • Role-based access control (RBAC): Autohive uses a granular RBAC model. Plans have the following roles - Owner, Manager, and Member. To control exactly what each user can do.
  • Authentication options:
    • Secure password policy: We enforce strong password requirements for local accounts
    • Google OAuth: Sign in with your Google account and leverage Google’s security measures

4. Auditing and monitoring

To help our support team resolve any issues you might encounter, we keep general audit logs internally, using tools like Raygun for monitoring.

5. Data retention and deletion

  • Account deletion: You can request account deletion via support. This permanently removes your personal data from our systems in accordance with GDPR and other privacy regulations, following a brief grace period.

6. Bug bounty program

We run a bug bounty program to reward security researchers for finding and reporting vulnerabilities. If you believe you’ve found a security issue, please email us at security@autohive.com and we’ll investigate as quickly as possible.