Overview

We know your strategy and plans are extremely important to you and your business, and we take protecting them seriously. After all, our own business, product, and marketing plans (and those for thousands of other companies) are hosted with Aha! as well. This is why every Aha! plan includes secure network communications over HTTPS and data encryption at rest.

The Aha! software and security infrastructure is architected to be one of the most secure and high-performance enterprise SaaS environments available today. It provides an extremely scalable and highly reliable platform that enables customers to set brilliant strategy, capture customer ideas, create visual roadmaps, and manage breakthrough marketing campaigns quickly and securely.

World-class protection

Aha! encrypts all communication between customers and our data centers through strong encryption. All login and post-login web pages in Aha! are served over TLS, a successor to SSL. We encrypt all data at rest using AES-256 encryption. Aha! protects its system infrastructure by using dedicated firewall and network services to block unauthorized system access.

Tight access control systems are enforced. Aha! employees are not able to access customer data unless specifically required to do so for support reasons.

ISO 27001 Certified

ISO 27001 Compliance

Aha! is ISO 27001 certified. This certification demonstrates our commitment to information security at every level of the organization.

ISO 27001 is an overarching management process to ensure that information security controls are in place on an ongoing basis. ISO 27001 certifies that Aha! has completed a rigorous evaluation of information security risks.

More information about ISO 27001 is available here.

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Aha! complies with the General Data Protection Regulation regarding processing of personal data of people in the European Union.

More information about GDPR is available here.

Cloud Security Alliance CAIQ

Cloud Security Alliance CAIQ

Aha! provides information about our security controls through the Consensus Assessments Initiative Questionnaire (CAIQ).

More information about CAIQ is available here.

Built-in security

In addition to the security provided through the Aha! hosting environment and our own operational policies, there are many additional protective capabilities built into the application itself. Those capabilities include:

  • Single sign-on (SSO)

  • Two-factor authentication (2FA)

  • Sophisticated user permissions

  • Activity stream (for audits)

  • History of all changes (for audits)

  • Features and ideas export

  • Passcodes to secure presentations

  • Data encryption at rest

  • Anti-virus scanning*

  • IP address access control*

  • Account backup and export*

* Available for Enterprise+ plan customers

Secure data centers

The Aha! cloud infrastructure is housed in highly secure, distributed data centers, which use state of the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24 hours a day by trained security guards, and access is authorized strictly on a least privileged basis.

Data center compliance

Aha! uses Amazon Web Services data centers, which are covered by comprehensive information security programs including:

  • SOC 1

  • SOC 2

  • SOC 3

  • ISO 9001

  • ISO 27001

  • PCI

Environmental systems in the data centers are designed to be redundant and minimize unforeseen disruptions and all personnel must be screened when leaving areas that contain customer data.

Aha! was designed from the ground up for massive, multi-tenant SaaS operations. Separation of customer account data and user permissions are baked in at every level in the software stack. This "secure by design" approach reduces the likelihood of accidentally introducing security holes in future releases.

Verifying our security

We understand that you are trusting Aha! with important information. But since you cannot physically visit our data centers or review the software, how can you be sure that we have the right security controls in place?

It starts by understanding our background. The founding team has built six software companies -- the last two were acquired by Aruba Networks [ARUN] and Citrix [CTXS] respectively after deep due diligence.

You can also look to the fact that more than users trust Aha! and it is one of the fastest growing enterprise SaaS companies. But most importantly, the answer lies in the actions that we take to protect your data.

Aha! regularly undergoes third party network and application security scans. We also have a significant list of compliance certifications for the Aha! platform. Each certification means that an auditor has verified that specific security controls are in place and operating as intended.

Customers in our Enterprise+ plan can take advantage of our Concierge service to further review our security practices and learn more.