FAQ’s

Avixoo has implemented the following security measures to ensure that our system is protected:

SSL/TLS Encryption:

  • We use valid SSL/TLS certificates to encrypt data in transit between the user's browser and our web server. This is crucial for securing sensitive information such as login credentials and personal data.

Authentication and Authorization:

  • Our system uses strong user authentication mechanisms, including secure password storage (using hash functions like bcrypt) and multi-factor authentication (MFA) where possible.

Session Management:

  • All our applications securely manage user sessions, using techniques like session tokens, session expiration, and secure session storage. We regularly update session keys and implemented mechanisms to protect against session hijacking.

Data Validation and Sanitization:

  • User input is validated and sanitized to prevent common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
  • Our web application server uses Content Security Policy headers to mitigate the risk of XSS attacks by controlling which resources the browser is allowed to load.
  • We use security headers, such as HTTP Strict Transport Security (HSTS), X-Content-Type-Options, and X-Frame-Options, to enhance the security posture of our web application.

Compliance with Regulations:

  • Our web application complies with relevant data protection and privacy regulations, such as GDPR, HIPAA and POPI Act.

File Upload Security:

  • All file uploads are restricted to specific file types and sizes to prevent malicious file uploads.

Data Encryption:

  • Sensitive information is stored encryption to prevent any data leaks and ensure that data remains anonymous. We use data in transfer encryption and data  at rest encryption.

The Avixoo platform does not save your card details for billing, but integrates into a payment gateway called Stripe.

Please read more about the security for Stripe here:

https://stripe.com/docs/security

 
Summary of Stripe Security
Stripe is PCI-DSS compliant

Stripe is certified as a Level 1 Service Provider, which is the highest level of certification for payment processors. 

 
Stripe uses data encryption

Stripe uses encryption to ensure that sensitive data such as credit card details, are securely transmitted over the internet.

 
Stripe utilizes tokenization

Unique tokens are used to replace sensitive credit card information, which prevents attackers from stealing your information.

 
Stripe uses two-factor authentication (2FA)

Stripe allows users to enable 2-factor authentication, which is an enhanced verification mechanism.

Introducing our secure document sharing feature, designed with your privacy and convenience in mind.

Here's how it works:

  1. Select Your Documents: Choose which documents you want to share with potential employers or partners. Whether it's your passport, certifications, or other credentials, you're in control.

  2. Receive Engagement Requests: When a company expresses interest in you, you'll receive an engagement request through our platform.

  3. Grant Access: You have the power to decide who sees what. Simply grant access to the specific documents requested by the company, ensuring that your sensitive information remains confidential.

  4. Peace of Mind: Rest easy knowing that your data is safe and secure. With our robust privacy measures in place, you can confidently share your documents without compromising your personal information.