AVATALK Information Security Policy
Effective Date: June 15, 2026
Introduction
AVATALK is committed to ensuring the confidentiality, integrity, and availability of our customers’ data. This Information Security Policy outlines the measures we implement to protect systems, applications, and data. It applies to all employees, contractors, vendors, and third-party providers who have access to AVATALK infrastructure or information.
Access Control
We restrict system and data access to authorized individuals based on role and responsibility. Our controls include:
- User Authentication: All accounts require secure credentials (username and password).
- Password Policy: Passwords must be strong and are subject to periodic updates.
- Account Management: Access rights are provisioned by our technical team based on the principle of least privilege.
- Multi-Factor Authentication: MFA is used for sensitive systems to add an additional layer of protection.
Data Storage and Video Processing
DigitalOcean: All user data is stored on DigitalOcean’s global cloud infrastructure, which may involve geographically distributed data centers depending on availability and performance. DigitalOcean encrypts data in transit and at rest using industry-standard protocols and maintains SOC 2 Type 1 certification.
D-ID: Avatar-related video generation and processing are securely handled by D-ID, a trusted third-party provider that also maintains SOC 2 Type 1 compliance and follows strict security protocols.
Data Protection
We take measures to protect the confidentiality, integrity, and availability of our customers’ data. These measures include:
- Encryption: We use encryption technologies to protect sensitive data in transit and at rest.
- Data Backup: We regularly back up our data to prevent data loss due to hardware failures or disasters.
- Data Retention: We retain data only as long as necessary and in accordance with relevant laws, regulations, and industry standards.
- Data Destruction: We dispose of data securely and in accordance with relevant laws, regulations, and industry standards.
Incident Management
We have established an incident management process to detect, investigate, and respond to security incidents. The process includes:
- Incident Response Plan: We have developed a comprehensive incident response plan that outlines the procedures to be followed in the event of a security incident.
- Incident Reporting: All employees, contractors, vendors, and third-party providers are required to report security incidents immediately to our IT department.
- Incident Investigation: We investigate security incidents promptly to determine the cause and scope of the incident.
- Incident Communication: We communicate with affected parties, such as customers and law enforcement, as necessary and in accordance with relevant laws, regulations, and industry standards.
Compliance
We comply with relevant laws, regulations, and industry standards related to information security. Our compliance approach includes:
- Internal Policy Adherence: While AVATALK LLC does not currently hold SOC 2 certification directly, we follow internal information security policies aligned with best practices and evaluate vendor compliance as part of our security controls.
- Third-Party Compliance: We partner with third-party service providers, such as DigitalOcean and D-ID, that maintain security certifications including SOC 2 Type 1 and implement industry-standard safeguards to protect customer data.
- Audit and Assessment: We periodically review our technical and administrative security controls to ensure effectiveness and consistency with industry standards.
Conclusion
AVATALK takes information security seriously and is committed to ensuring that our product is secure and reliable. We implement robust information security measures, including access control, data protection, incident management, and compliance. All employees, contractors, vendors, and third-party providers are required to comply with our information security policies and procedures.