ALVAO Trust Center

Transparency, security, and reliability you can verify. 

ALVAO delivers secure ITSM and ITAM solutions with a strong focus on data protection, regulatory compliance, and high service availability.

This page is currently being updated as part of our Trust Center improvements. Some information may be incomplete or subject to change.

 

Compliance

Security Measures

Data Security

Legal & Regulatory

Data Privacy

AI Governance

Frequently asked questions

Yes. ALVAO processes personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
ALVAO provides information about personal data processing, including purposes, categories of data, and data subject rights in its Privacy Statement.

Customers retain full ownership of their data.
ALVAO does not claim ownership of customer data and processes it only for the purpose of providing the agreed services.

Yes. Selected policies, reports, and summaries are available under NDA or upon justified request to our contact.

Customers may contact ALVAO via the provided contact channels for security, privacy, or compliance-related inquiries. 

For GDPR and data protection inquiries, please contact gdpr@alvao.com. 

Security incidents and security-related requests should be directed to infosec@alvao.com.  

Third parties used by ALVAO are assessed before onboarding and periodically reviewed for security and business continuity concerns. The program takes into account the type of access, classification of data being accessed, controls necessary to protect data, and legal/regulatory requirements. Confidentiality and information security requirements are included in third party agreements. 

Yes. Customers can perform internal vulnerability scans of their own ALVAO ITSM environment upon prior notice and defined Microsoft Azure conditions: Microsoft Security Testing Rules of Engagement &Penetration testing | Microsoft Learn.

ALVAO notifies customers of a Security Incident without undue delay, and no later than 72 hours after becoming aware of it, as defined in the Data Processing Agreement (DPA).

For customers under the Czech Republic Public Sector Cloud Computing Addendum (KeGC), Cybersecurity Events are reported within 24 hours.

Yes. ALVAO logs system and administrative activities to support security monitoring and incident investigation.
Logs are retained for a limited period in accordance with internal policies.

ALVAO provides service availability in accordance with the applicable service level agreement (SLA).
In the event of service disruption, service credits may apply as defined in the contractual terms.

Yes. Data is securely erased and storage wiped out by Microsoft Azure in line with their data protection procedures.

Contact & Responsible Disclosure

Questions about security, compliance, or reporting a vulnerability? We're here.

Security incidents

Report a vulnerability or security issue. Please include a step-by-step proof of concept (PoC) demonstrating your findings so we can verify their validity.

infosec@alvao.com

GDPR & Privacy

Direct your inquiries about GDPR, privacy and sensitive data processing here.

gdpr@alvao.com