Security you can hand to your compliance team

Teams hand Alfera their workflows, credentials, and business data. We take that seriously. Every layer of Alfera was built with security in mind, from day one.

Get StartedBook a Demo

Security & Privacy

How we keep your data safe

SOC

SOC 2

Type 1 Compliant

EU

GDPR

Aligned

CA

CCPA

Compliant

CASA Tier 3

Certified

All credentials encrypted at rest and in transit
No sensitive data stored on local machines. Ever.
OAuth-based authentication for all integrations
Isolated execution environments for every workspace
Approval system for sensitive actions
Your data is never used to train models
All credentials encrypted at rest and in transit
No sensitive data stored on local machines. Ever.
OAuth-based authentication for all integrations
Isolated execution environments for every workspace
Approval system for sensitive actions
Your data is never used to train models
All credentials encrypted at rest and in transit
No sensitive data stored on local machines. Ever.
OAuth-based authentication for all integrations
Isolated execution environments for every workspace
Approval system for sensitive actions
Your data is never used to train models

You stay in control

You approve every action
Alfera drafts messages, creates reports, and executes workflows. Sensitive actions require your explicit approval before anything runs.
Action Request
Pending
SA

Support Agent

Send email to customer@acme.com

Approve
Deny
Your credentials are stored securely
All API keys, OAuth tokens, and integration credentials are encrypted and stored in secure cloud infrastructure. They never touch a local machine.
Credential VaultSealed
Salesforce
••••••••••Encrypted
HubSpot
••••••••••Encrypted
Stripe
••••••••••Encrypted
AES-256-GCM · Zero-access architecture
Your data never trains AI models
Your conversations, files, and business data are never used to train third-party models. Your workspace is yours — across Slack, the dashboard, and the API.
Data PrivacyProtected
Conversations
Private
Files & documents
Private
Business data
Private
Integration data
Private
Zero training data extraction · Your workspace is yours

Our Principles

How we build Alfera

Full Compliance

SOC 2 compliant, GDPR aligned, CCPA compliant, CASA Tier 3 certified. We encrypt data at rest and in transit, enforce strict access controls, maintain incident response plans, and monitor compliance continuously.

Isolated Execution

Every AI employee runs in a sandboxed VM with no cross-tenant data access. Your workspace, integrations, and memory are completely isolated from every other customer.

Principle of Least Privilege

Each integration uses scoped OAuth tokens with minimal access. Internal systems follow strict role-based access control, and customer data access is limited to what's necessary to complete your requests.

Data Handling

How Alfera handles your data

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Credentials and secrets are stored in dedicated vaults, separate from application data.

Authentication & Access

Alfera authenticates through SSO via WorkOS with your identity provider. Admin controls let you manage who on your team can interact with AI employees and which integrations are enabled.

Data Retention

You control your data. Conversation logs, employee memory, and generated files can be reviewed and deleted at any time. We don't retain customer data beyond what's needed to deliver the service.

Third-Party Integrations

Alfera connects to 800+ services: Salesforce, HubSpot, Stripe, and more. Every integration uses OAuth-based authentication with the narrowest permission scopes possible. No passwords are stored in plain text.

Infrastructure

Alfera runs on Google Cloud Platform with 24/7 monitoring, automated threat detection, and regular penetration testing. Our systems are built for high availability and fault tolerance.

Need more details?

We'll walk you through our security setup, share compliance docs, or answer your security team's questions. Just reach out.

Book a DemoContact Us