Security & Compliance

Dialivo is built with enterprise-grade security and data protection compliance in mind. Our infrastructure implements industry-standard security practices and privacy controls.

🔒 Security Infrastructure

SSL/TLS Encryption

All data transmitted to and from Dialivo is encrypted using industry-standard SSL/TLS protocols.

TLS 1.2+ encryption for all connections
HSTS (HTTP Strict Transport Security) enabled
Strong cipher suites only
Certificate pinning for API connections

Enterprise-Grade Security

Our security infrastructure includes multiple layers of protection:

AWS WAF: Web Application Firewall with DDoS protection
Rate Limiting: 1,000 requests/second with 2,000 burst capacity
Bot Protection: hCaptcha integration to prevent automated attacks
Security Headers: CSP, X-Frame-Options, HSTS, and more
Secrets Management: AWS Secrets Manager for API keys
Access Controls: IAM policies with least-privilege access

Daily Backups & Disaster Recovery

Your data is protected with comprehensive backup and recovery systems:

Point-in-Time Recovery: 35-day recovery window for all databases
Daily Automated Backups: Encrypted backups to Amazon S3
30-Day Retention: Backups retained for 30 days
Disaster Recovery: RTO < 1 hour, RPO < 24 hours
Geographic Redundancy: Data stored in Canada (ca-central-1)

📋 Privacy & Compliance

GDPR, PIPEDA & CCPA Compliant Infrastructure

Dialivo's infrastructure is designed to support compliance with major privacy regulations:

GDPR (General Data Protection Regulation - EU)

Comprehensive Privacy Policy
Cookie consent banner
Data export API (Right to Access)
Data deletion API (Right to Erasure)
Data Processing Agreement (DPA) available
Encryption at rest and in transit

PIPEDA (Personal Information Protection - Canada)

Data stored in Canada (ca-central-1 region)
Privacy policy with PIPEDA compliance
Consent mechanisms for data collection
Data access and correction procedures

CCPA (California Consumer Privacy Act - USA)

Privacy policy with CCPA rights disclosure
Data export and deletion capabilities
Opt-out mechanisms where applicable

🏆 Certification Readiness

SOC 2 and ISO 27001 Ready Infrastructure

Our infrastructure implements controls and practices aligned with SOC 2 Type II and ISO 27001 standards:

Access Controls: Role-based access with MFA
Monitoring & Logging: CloudWatch alarms and 30-day log retention
Incident Response: Automated alerting and response procedures
Change Management: Version control and deployment tracking
Vendor Management: AWS (SOC 2 Type II certified)
Business Continuity: Disaster recovery and backup procedures

Note: Dialivo is not currently SOC 2 or ISO 27001 certified. These certifications require formal audits by accredited third parties. Our infrastructure is designed to meet these standards and is ready for audit when required by enterprise customers.

🔍 Transparency

What We Have vs. What We're Working Toward

✅ Currently Implemented:

SSL/TLS encryption (all connections)
Security headers (HSTS, CSP, X-Frame-Options, etc.)
AWS WAF with DDoS protection
Rate limiting and bot protection
Daily encrypted backups
Point-in-Time Recovery (35 days)
GDPR/PIPEDA/CCPA compliant infrastructure
Privacy policies and DPA
Data export and deletion APIs
CloudWatch monitoring and alerting

🎯 Available Upon Request (Enterprise):

SOC 2 Type II audit and certification
ISO 27001 certification
Penetration testing reports
Custom Data Processing Agreements
Dedicated support and SLAs

📞 Security Contact

For security-related inquiries or to report a vulnerability:

Email: support@adwaizer.com
Subject: "Security Inquiry" or "Vulnerability Report"
Response Time: Within 24 hours

🔐 Enterprise Security Requirements?

If your organization requires SOC 2, ISO 27001, or custom security assessments, please contact our team. We can work with you to meet your specific compliance needs.

Contact Sales

This Security & Compliance page is effective as of November 3, 2025 and is subject to updates as we enhance our security posture.