Saltar al contenido principal

Security

We protect your data with a modern stack: database with access control, encryption in transit, secure payments and isolated infrastructure.

Technical guarantees and compliance

Pillars of our architecture for information security and privacy.

Database (RLS)

Database with Row Level Security so each customer only accesses their own data. Access policies defined at the application level.

SSL & CDN

Domain protected with DNS, SSL certificates and CDN. Encrypted web traffic and protection against common threats.

Payment gateway

Payment gateway that meets industry security standards for transactions. We do not store card data.

Backups & availability

Server backups and database storage. Infrastructure prepared for recovery.

How we protect you

Security measures integrated into the platform and operations.

Encryption in transit

All communication with the website and services uses HTTPS (TLS). Data never travels in plain text.

Data access control

The database uses Row Level Security (RLS). Queries are filtered by user so each customer only sees their own information.

Isolated infrastructure

Backend, automations and control panel run on a dedicated server with containers and VPN, reducing the attack surface.

AI document processing

Documents processed by the AI team (Lucía, Sofía, María) are sent to providers with security and privacy practices aligned to business use.

Official WhatsApp channel

Connection via Meta's WhatsApp Business API for customer support, used in compliance with their security and privacy policies.

Payment gateway

Payments are processed through a gateway that meets industry standards. We do not store sensitive payment method data.

Technical stack and best practices

The website is served securely. Business data and logic rely on a database with RLS, storage and backups. The payment layer is managed by a payment gateway; AI document processing uses APIs with privacy commitments.

Automations, the control panel and the official messaging connection run on a dedicated server managed with containers, accessible via VPN to reduce risk. The domain is protected with DNS, SSL and CDN.

We commit to keeping the stack up to date, applying security patches and reviewing system access. If you need specific documentation or a security questionnaire, contact us.

Request security information

Security contact

Report a vulnerability or incident

lucia@afinate.com

Questionnaires or documentation

lucia@afinate.com

Security FAQ

Answers about storage, encryption and afinate's practices.

Where is my company's data stored?
Business data and documents are stored in a database with RLS policies. The process infrastructure and control panel run on a dedicated server with backups configured.
How is data protected in transit?
All traffic between your browser and our services uses HTTPS (TLS). The domain is protected with SSL and an additional layer of protection.
Who can see my account information?
Only your organization has access to its own data thanks to Row Level Security in the database. afinate only accesses data when necessary for support or maintenance, subject to internal confidentiality policies.
How do I report a vulnerability or security incident?
You can report vulnerabilities or security incidents to lucia@afinate.com. We review every report and will respond within a reasonable timeframe.