AYON Trust Center
Security, Compliance, and Reliability
At AYON, we understand that in the creative industry, your intellectual property is your most valuable asset. Securing your pipeline is not an afterthought; it is the foundation of our architecture. We are committed to maintaining the highest standards of data protection, aiming for industry-leading certifications to ensure your studio’s data remains private, secure, and available.
1. Compliance & Certifications
SOC 2 Type 2 (In Progress)
AYON is currently undergoing the audit process for SOC 2 Type 2 compliance. We align our internal controls with the AICPA Trust Services Criteria:
Security: Protecting system resources against unauthorized access.
Availability: Ensuring the system is available for operation and use.
Confidentiality: Protecting information designated as confidential.
ISO 27001 (In Progress)
We are implementing a rigorous Information Security Management System (ISMS) aligned with ISO/IEC 27001 standards. This ensures a systematic approach to managing sensitive company information, encompassing people, processes, and IT systems.
TTPN Alignment (Threat, Technology, Policy, Network)
We recognize that many of our clients operate within TTPN-certified environments. AYON is architected to integrate seamlessly into these high-security workflows. Our deployment models support the strict network segregation and policy enforcement required by major content owners.
2. Data Access & Support Protocols
Access to Client Data
We strictly enforce the principle of Least Privilege. AYON personnel do not have standing access to client production data.
Consent-Based Access: AYON support engineers access customer data only when explicitly authorized by the client via a support ticket or formal request.
Time-Bound Privileges: Access grants are temporary, strictly scoped to the issue at hand, and automatically revoked upon ticket resolution.
Audit Trails: Every internal access event by AYON staff is logged, timestamped, and tied to a specific identity and support case ID.
Physical & Environmental Security
For our SaaS offering, AYON utilizes industry-leading cloud infrastructure providers (AWS/Hetzner) that maintain ISO 27001, SOC 2, and PCI DSS compliance.
Data Center Security: Physical access to the underlying hardware is controlled by the cloud provider using biometric scanning, video surveillance, and 24/7 security guards.
Shared Responsibility: While our providers secure the concrete, AYON secures the logical perimeter using strictly defined security groups, VPC peering, and encryption.
3. Infrastructure & Network Security
Secure Deployment Models
AYON offers flexible deployment options to match your risk profile:
SaaS: Hosted on enterprise-grade cloud infrastructure with strict logical isolation.
Self-Hosted / Hybrid: For studios with air-gapped requirements or strict on-premises mandates, AYON can be deployed within your private VPC or on local hardware, giving you total control over the network perimeter.
Data Encryption
We employ a defense-in-depth encryption strategy:
In Transit: All data transmitted between the client, the AYON server, and integrations is encrypted using TLS 1.2 or later (preventing downgrade attacks).
At Rest: Data stored within the AYON ecosystem is encrypted using AES-256. Key management procedures are strictly governed by our ISMS.
4. Product Security & Access Control
Identity and Access Management (IAM)
Single Sign-On (SSO): AYON supports SAML 2.0 and OIDC, allowing you to enforce your own identity policies via Okta, Azure AD, or Google Workspace.
Granular Permissions (RBAC): Our Role-Based Access Control allows you to define precise access levels for artists, producers, and admins.
Secure Software Development Life Cycle (SDLC)
Security is baked into our code, not bolted on.
Code Review: All code changes require peer review and automated checks before merging.
Vulnerability Scanning: Automated static (SAST) and dynamic (DAST) analysis tools run in our CI/CD pipeline.
Remediation SLAs: We maintain strict Service Level Agreements for vulnerability remediation based on CVSS severity:
Critical (CVSS >= 9): Patched within 14 days.
High (CVSS 7-8.9): Patched within 30 days.
Dependency Management: We continuously monitor third-party libraries for known CVEs using automated supply chain security tools.
5. Business Continuity & Disaster Recovery
We maintain a rigorous backup strategy designed to minimize data loss (RPO) and downtime (RTO). Retention policies are tiered based on the chosen service plan:
AYON Pro Plan
Designed for standard production cadences.
Daily Backups: Retained for a minimum of 3 days.
Weekly Backups: 1 snapshot retained from 7 days prior.
AYON Studio Plan
Designed for high-velocity environments requiring granular recovery points.
High-Frequency Snapshots: 4 backups retained for the trailing 16 hours.
Daily Backups: 3 daily snapshots retained.
Weekly Backups: 2 weekly snapshots retained for extended rollback capability.
Recovery Testing: We test our recovery procedures annually to verify our RTO/RPO targets.
Incident Response: Our Security Incident Response Team (SIRT) maintains a 24/7 readiness posture. In the event of a confirmed data breach involving personal data, we are committed to notifying affected parties without undue delay, aligning with GDPR (72-hour) requirements.
6. Data Privacy (GDPR)
We are fully committed to data privacy. We act as a Data Processor for our clients:
Data Residency: Options available for region-specific data storage (e.g., EU-only) to comply with local sovereignty laws.
Right to Erasure: Automated workflows to handle data subject access requests (DSAR).
Subprocessors: We maintain an up-to-date list of all third-party vendors, all of whom are vetted for SOC 2 or ISO 27001 compliance.
Report a Concern
Security is a community effort. If you believe you have found a vulnerability in AYON, please contact our security team immediately at [security-email-placeholder]. We operate a responsible disclosure program to recognize researchers who help keep our platform safe.
Last Updated: 10.12.2025