Security & Data Protection
Enterprise-grade protection for every business, regardless of size
Last Updated: 1 February 2026Security is built into every layer of our platform. We understand that you entrust us with your business data, and we take that responsibility seriously. We employ industry-leading security practices, continuous monitoring, and regular audits to ensure your data remains protected at all times.
Contents
1. Data Encryption
Your data is encrypted whether it is stored on our servers or travelling between your browser and our infrastructure.
Encryption at Rest
All stored data is encrypted using AES-256 encryption. Database backups and file storage are encrypted with keys managed through secure key management systems.
Encryption in Transit
All data transmitted between your browser and our servers is protected using TLS 1.2/1.3 encryption. We enforce HTTPS across all connections and use HSTS headers.
| Standard | Detail |
|---|---|
| AES-256 | Encryption at rest for all stored data |
| TLS 1.3 | Encryption in transit for all connections |
| 99.5% | Uptime SLA |
| 24/7 | Continuous monitoring of all systems |
2. Infrastructure Security
Hosted on certified cloud infrastructure with multiple layers of physical and network security.
Cloud Infrastructure Certifications: SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, PCI DSS
Network Security
Web Application Firewall (WAF), DDoS protection via Cloudflare, intrusion detection systems, and network segmentation
Physical Security
Tier III+ data centres with 24/7 on-site security, biometric access controls, and CCTV surveillance
Redundancy
Multi-region deployment, automated failover, daily encrypted backups, and 30-day backup retention
3. Access Control
Granular controls for your team and rigorous internal policies for ours.
For Our Customers
- Role-based access control (RBAC)
- Two-factor authentication (2FA) available
- Session timeout controls
- Password strength requirements
- Audit logs for account activity
For Our Team
- Principle of least privilege
- Mandatory 2FA for all staff
- Regular access reviews
- Background checks for employees
- Immediate access revocation on departure
4. Data Protection & GDPR Compliance
As a Poland-based company, we are fully committed to GDPR compliance. Your data, your rights, fully respected.
GDPR Compliance Measures: Data Processing Agreement, data subject rights support, EU data residency options, breach notification procedures, privacy by design, and Standard Contractual Clauses.
Data Retention
Customer data is retained for the duration of your subscription. Upon termination, data is deleted within 30 days unless legally required to retain.
Data Portability
Export your data at any time in standard formats. We support your right to data portability under GDPR Article 20.
5. Security Monitoring
Round-the-clock automated surveillance, logging, and threat intelligence keep your data safe.
Continuous Monitoring
24/7 automated monitoring of all systems, with real-time alerting for suspicious activity or anomalies
Log Management
Comprehensive logging of all system events, retained securely for security analysis and compliance purposes
Threat Intelligence
Integration with threat intelligence feeds to proactively identify and block known malicious actors
6. Incident Response
We maintain a comprehensive, tested incident response plan that ensures swift action when it matters most.
- Detection — Automated detection and alerting
- Containment — Immediate threat isolation
- Investigation — Root cause analysis
- Notification — 72-hour GDPR notification to supervisory authority
- Recovery — Service restoration
- Review — Post-incident improvements
7. Vulnerability Management
Continuous scanning, testing, and patching to stay ahead of emerging threats.
Regular Assessments
- Automated vulnerability scanning
- Periodic penetration testing
- Code security reviews
- Dependency monitoring
Patch Management
- Critical patches within 24 hours
- High severity within 7 days
- Regular maintenance windows
- Change management process
8. Responsible Disclosure
We value the security research community. If you discover a security vulnerability in our platform, please report it responsibly.
Report Security Issues: [email protected]
Please include a detailed description of the vulnerability, steps to reproduce, and any relevant screenshots or proof of concept. We commit to acknowledging reports within 48 hours and keeping you informed of our progress.
9. Employee Security
Our people are trained, vetted, and equipped to protect your data from the inside out.
Security Training
All employees complete security awareness training upon joining and annually thereafter
Confidentiality Agreements
All staff sign NDAs and confidentiality agreements as part of their employment
Secure Devices
Company devices are encrypted, password-protected, and remotely wipeable
10. Contact Us
Reach the right team for security questions, vulnerability reports, or privacy enquiries.
Bennovate sp. z o.o. (trading as Avantwerk)
ul. Christiana Andersena 25, 94-118 Łódź
KRS: 0000597272 | NIP: 7272799328
Get in Touch
Our team is available to help with security questions, privacy enquiries, and vulnerability reports.
Automate, Innovate, Accelerate.
Powered by Bennovate
Platform
Resources
Company
© 2026. Avantwerk. All rights reserved.
"Bennovate presents Avantwerk — The All-in-One AI Business Platform"