Overview¶
Data residency¶
Afi is hosted as a distributed container-based application in Google Cloud Platform (GCP) in the USA, Canada, the EU, the United Kingdom, and Australia. These Google facilities hold all major security and data privacy accreditations, including SOC1 – SSAE-16, SOC2, PCI DSS Level 1, ISO 27001, HIPAA, and FIPS 140-2. Physical access to the servers in these datacenters is restricted to authorized Google personnel; Afi employees have no physical access to the servers.
We don't host any on-premises production infrastructure, and we require two-factor authentication for all employees who work with internal systems (code repositories, build systems, cloud providers). We apply the "least privilege" model: each employee is granted only the minimum access needed to perform their duties.
Available regions¶
Afi users select the data storage location when they initially sign up for the Afi SaaS backup trial. There are five available locations:
- USA: Google datacenter `us-central1` (Council Bluffs, Iowa, USA)
- United Kingdom: Google datacenter `europe-west2` (London, England)
- Netherlands: Google datacenter `europe-west4` (Eemshaven, Netherlands)
- Canada: Google datacenter `northamerica-northeast1` (Montreal, Canada)
- Australia: Google datacenter `australia-southeast1` (Sydney, Australia)
For geographically distributed companies that need to comply with data residency requirements, Afi provides a multi-geo setup option.
Data encryption¶
All customer data is encrypted at all times, both in transit and at rest. We use TLS 1.3 for all control communications, including data transfer between Afi components, so that all traffic is encrypted. At rest, data is encrypted with AES-256.
Afi also offers a Bring-Your-Own-Key (BYOK) encryption feature for backup data encryption and key management.
Data access¶
Administrators and end users (end users only if self-service is enabled by administrators) can access the service only through Microsoft or Google identity services, which support MFA, or through Okta (SAML).
Afi supports advanced data access management capabilities, including granular permissions scoped per Azure AD (AAD) group or per organizational unit/Google group, a self-service recovery portal for end users, and the ability to restrict customer administrators' access to backup data.
Afi keeps a detailed audit log of all data access operations (exports and restores) in the account, available to customer administrators, and can forward audit events to a third-party SIEM system of your choice. Audit events are retained for 3 years.
Afi employees and contractors don't have access to customer backup data.
Account protection¶
Afi implements comprehensive security and operational controls to protect customer accounts from unauthorized access, including the case where a customer's own Google Workspace or Microsoft 365 account has already been compromised. Protection measures include IP address checks during user sessions, notifications and delayed execution for sensitive operations (such as backup deletions), and account ownership verification for support ticket requestors.
For security reasons, Afi limits data export capabilities to individual emails, files, or a single folder at a time for the first 30 days following account creation.
Access policies¶
Afi provides the ability to configure access policies that help you enforce context-aware access to your Afi organization based on the user's IP address, country, or identity provider.
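As an added example (not Afi's code), the following Python sketch shows how a policy of this shape can be evaluated per request. The `AccessPolicy` and `Session` structures, the sample CIDRs, country codes and identity-provider names are assumptions, and the caller is assumed to supply `request_country` from a GeoIP lookup. It also folds in the per-session IP check mentioned under Account protection above: the policy is re-evaluated on every request, and a request whose source address differs from the one seen at sign-in is refused.

```python
"""Context-aware access policy evaluation. Added illustration of the checks
described above (not Afi's own code); the rule attributes, sample policy and
sample sessions are constructed assumptions."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AccessPolicy:
    allowed_networks: list = field(default_factory=list)   # CIDRs; empty = no IP restriction
    allowed_countries: set = field(default_factory=set)    # ISO 3166-1 alpha-2; empty = any
    allowed_idps: set = field(default_factory=set)         # e.g. {"google", "microsoft", "okta"}

    def __post_init__(self):
        # Parse once, so a malformed CIDR is rejected when the policy is saved,
        # not silently ignored when a request arrives.
        self.allowed_networks = [ipaddress.ip_network(n, strict=False)
                                 for n in self.allowed_networks]


@dataclass(frozen=True)
class Session:
    user: str
    idp: str          # identity provider that authenticated this session
    login_ip: str     # client address observed at sign-in


def evaluate(policy: AccessPolicy, session: Session,
             request_ip: str, request_country: str) -> tuple[bool, str]:
    """Return (allowed, reason). Fails closed: unparseable input is a denial."""
    try:
        ip = ipaddress.ip_address(request_ip)
        login_ip = ipaddress.ip_address(session.login_ip)
    except ValueError:
        return False, "unparseable client IP"
    if policy.allowed_idps and session.idp not in policy.allowed_idps:
        return False, f"identity provider {session.idp!r} not permitted"
    # `ip in net` is False across IP versions, so a v6 client never matches a v4 range.
    if policy.allowed_networks and not any(ip in net for net in policy.allowed_networks):
        return False, f"{request_ip} is outside the allowed networks"
    if policy.allowed_countries and request_country not in policy.allowed_countries:
        return False, f"country {request_country!r} not permitted"
    # Per-request session IP check: a session token replayed from another
    # address is refused even if that address would pass the policy on its own.
    if ip != login_ip:
        return False, "client IP changed since sign-in"
    return True, "ok"


# Constructed sample: office ranges only, US only, Okta only.
SAMPLE_POLICY = AccessPolicy(allowed_networks=["203.0.113.0/24", "2001:db8:1::/48"],
                             allowed_countries={"US"}, allowed_idps={"okta"})
ALICE = Session(user="alice", idp="okta", login_ip="203.0.113.10")

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, ALICE, "203.0.113.10", "US"))   # allowed
    print(evaluate(SAMPLE_POLICY, ALICE, "203.0.113.11", "US"))   # refused: session IP changed
```

Every rule is deny-by-default once it is set, and an unset rule imposes no restriction; the session IP binding applies regardless of policy, which is the property that makes a stolen session token useless from another network.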
Lockdown mode¶
Afi can restrict sensitive operations for an organization through lockdown mode. Once enabled, lockdown can be lifted only temporarily, and only by providing the lockdown secret generated when the mode was configured. Operations protected by lockdown mode include access management, backup policy and secret management, and backup deletion.
Ransomware protection¶
Afi detects suspicious file encryption events and notifies customer account administrators about a possible ransomware attack. If an attack is confirmed, an account administrator can use the in-place (overwrite) restore option to recover from the latest healthy snapshot.
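The following Python example, added here and not Afi's detection logic, shows one way such detection can work on the change set produced by a backup run: a file counts as suspicious when its content jumped from compressible to incompressible since the previous snapshot (which is what encryption does to documents) or when it was renamed with an appended extension, and an alert fires only when such files are both numerous and the majority of the run. The `ChangeEvent` shape, the thresholds and the sample files are constructed assumptions.

```python
"""Entropy-based ransomware heuristic over backup change events. Added
illustration, not Afi's detection logic; the event shape, thresholds and
sample files are constructed assumptions."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

HIGH_ENTROPY = 7.2   # bits/byte; uniformly random (or well-encrypted) data approaches 8.0
LOW_ENTROPY = 6.0    # documents, source, logs and most office files sit well below this
MIN_SUSPICIOUS = 3   # at least this many suspicious rewrites in one run ...
MIN_RATIO = 0.5      # ... and they must be at least half of everything modified


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass(frozen=True)
class ChangeEvent:
    path: str          # path in the current snapshot
    old_path: str      # path in the previous snapshot
    old_content: bytes
    new_content: bytes


def is_suspicious(ev: ChangeEvent) -> bool:
    """A rewrite that turned compressible content into incompressible content,
    or a rename that appended an extension. Judging the *jump* relative to the
    previous snapshot, not the absolute entropy, keeps files that were already
    incompressible (zip, jpeg, already-encrypted) from being flagged."""
    entropy_jump = (shannon_entropy(ev.old_content) < LOW_ENTROPY
                    and shannon_entropy(ev.new_content) > HIGH_ENTROPY)
    renamed_with_suffix = ev.path != ev.old_path and ev.path.startswith(ev.old_path)
    return entropy_jump or renamed_with_suffix


def assess_backup_run(events: list[ChangeEvent]) -> dict:
    """Summarise one run; `alert` is True only when suspicious rewrites are both
    numerous and dominant, so a single encrypted attachment does not page anyone."""
    suspicious = [e.path for e in events if is_suspicious(e)]
    ratio = len(suspicious) / len(events) if events else 0.0
    alert = len(suspicious) >= MIN_SUSPICIOUS and ratio >= MIN_RATIO
    return {"modified": len(events), "suspicious": suspicious, "ratio": ratio, "alert": alert}


def pseudo_ciphertext(seed: str, length: int = 2048) -> bytes:
    """Deterministic stand-in for encrypted output (constructed sample data)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


PLAIN = b"Quarterly report: revenue grew 4% while costs stayed flat.\n" * 40

# Constructed sample run: four documents rewritten as ciphertext and renamed,
# one ordinary edit, and an archive that was high-entropy both before and after.
ATTACK_RUN = [
    ChangeEvent(f"docs/q{i}.docx.locked", f"docs/q{i}.docx", PLAIN, pseudo_ciphertext(f"q{i}"))
    for i in range(1, 5)
] + [
    ChangeEvent("notes.txt", "notes.txt", PLAIN, PLAIN + b"Added a line.\n"),
    ChangeEvent("photos.zip", "photos.zip", pseudo_ciphertext("zip-a"), pseudo_ciphertext("zip-b")),
]
BENIGN_RUN = ATTACK_RUN[4:]

if __name__ == "__main__":
    print(assess_backup_run(ATTACK_RUN))   # alert: True, four .locked files listed
    print(assess_backup_run(BENIGN_RUN))   # alert: False
```

The ratio gate is what separates an incident from noise: one user legitimately uploading an encrypted archive produces a single high-entropy object, while ransomware rewrites most of what it touches in a single run.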
Data immutability¶
Afi has designed an immutable backup datastore format on top of object storage that ensures backup data and metadata objects are never rewritten. Data and metadata updates are never performed in place, and all data is fingerprinted for integrity verification.
Info
As an additional protection measure, it is possible to enable underlying object storage immutability (sometimes called data retention locking). When enabled, backup tasks periodically advance a lock timestamp on all backup archive objects, preventing them from being deleted or modified for a certain period (approximately one month). While a retention lock for a backup is active, it cannot be deleted or tampered with by any party, including Afi.
You can contact Afi Sales (sales@afi.ai) to configure data immutability for your Afi tenant. Please note that retention locks are applied during periodic backups. Therefore, once retention locking is configured, ensure that all your backups remain protected by backup SLA policies that include a periodic backup schedule.
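The following Python model, added as an illustration and not Afi's datastore code, shows the properties from the two paragraphs above together: a write-once store keyed by SHA-256 fingerprint that verifies every read and never rewrites a key, a backup task that writes a new manifest object instead of updating the old one, and a retention lock that each task pushes forward but that nobody can shorten. It also shows the caveat from the note: once backups stop running, the lock lapses after the period and deletion becomes possible again. Class and function names, the 30-day period and the fake clock are assumptions.

```python
"""Write-once, content-addressed object store with an extend-only retention
lock. Added illustration, not Afi's datastore code; class and method names,
the 30-day lock period and the fake clock are assumptions."""
import hashlib
import json
from datetime import datetime, timedelta, timezone


class ImmutabilityError(Exception):
    """Raised when an operation would rewrite, shorten or delete locked data."""


class Clock:
    """Controllable time source so retention behaviour can be shown offline."""
    def __init__(self, start: datetime):
        self.t = start

    def now(self) -> datetime:
        return self.t

    def advance(self, days: int) -> None:
        self.t += timedelta(days=days)


class ImmutableStore:
    """Objects are keyed by the SHA-256 of their bytes: identical content
    deduplicates, any bit flip changes the key, and a key is never rewritten."""
    def __init__(self, clock: Clock):
        self.clock = clock
        self._objects: dict[str, bytes] = {}
        self._retain_until: dict[str, datetime] = {}

    def put(self, data: bytes) -> str:
        key = hashlib.sha256(data).hexdigest()
        existing = self._objects.get(key)
        if existing is None:
            self._objects[key] = data            # first and only write for this key
        elif existing != data:
            raise ImmutabilityError(f"fingerprint clash on {key[:12]}")
        return key

    def get(self, key: str) -> bytes:
        data = self._objects[key]
        if hashlib.sha256(data).hexdigest() != key:   # verify the fingerprint on every read
            raise ImmutabilityError(f"object {key[:12]} failed integrity verification")
        return data

    def extend_lock(self, key: str, until: datetime) -> datetime:
        """Move the retention lock later. It can never move earlier."""
        current = self._retain_until.get(key)
        if current is not None and until < current:
            raise ImmutabilityError("retention lock cannot be shortened")
        self._retain_until[key] = until
        return until

    def delete(self, key: str) -> None:
        """Refused while a lock is active, whoever asks."""
        until = self._retain_until.get(key)
        if until is not None and self.clock.now() < until:
            raise ImmutabilityError(f"object {key[:12]} locked until {until.isoformat()}")
        del self._objects[key]
        self._retain_until.pop(key, None)


LOCK_PERIOD = timedelta(days=30)   # "approximately one month"


def run_backup(store: ImmutableStore, files: dict[str, bytes]) -> str:
    """One periodic backup task: store each file, write a *new* manifest object
    (the previous manifest is left untouched), then push the lock on every
    referenced object forward by LOCK_PERIOD."""
    manifest = {name: store.put(data) for name, data in files.items()}
    manifest_key = store.put(json.dumps(manifest, sort_keys=True).encode())
    until = store.clock.now() + LOCK_PERIOD
    for key in [*manifest.values(), manifest_key]:
        store.extend_lock(key, until)
    return manifest_key


def _refused(action) -> bool:
    """True if `action()` raises ImmutabilityError."""
    try:
        action()
    except ImmutabilityError:
        return True
    return False


def demo() -> dict:
    """Walk through the guarantees, then the caveat that locks lapse when backups stop."""
    clock = Clock(datetime(2024, 1, 1, tzinfo=timezone.utc))
    store = ImmutableStore(clock)
    m1 = run_backup(store, {"a.txt": b"hello"})                  # locks reach Jan 31
    blob = store.put(b"hello")                                  # same bytes: no second write
    r = {"dedup": blob == hashlib.sha256(b"hello").hexdigest()}
    r["delete_refused"] = _refused(lambda: store.delete(blob))
    r["shorten_refused"] = _refused(lambda: store.extend_lock(blob, clock.now()))
    clock.advance(10)
    m2 = run_backup(store, {"a.txt": b"hello", "b.txt": b"world"})   # locks now reach Feb 10
    r["old_manifest_intact"] = m1 != m2 and json.loads(store.get(m1)) == {"a.txt": blob}
    store._objects[blob] = b"hellO"                              # simulate storage corruption
    r["tamper_detected"] = _refused(lambda: store.get(blob))
    store._objects[blob] = b"hello"
    clock.advance(31)                                            # no backup ran: lock lapsed
    store.delete(blob)
    r["delete_after_lapse"] = blob not in store._objects
    return r


if __name__ == "__main__":
    print(demo())   # every value True
```

Run `demo()` to step through the scenario. The last two steps are the practical point of the note above: the lock is only as long as the interval since the last backup task extended it, so a backup that drops out of its periodic SLA policy silently loses its lock after the period expires.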
Compliance¶
Afi complies with major industry regulations and is independently audited for SOC 2 compliance. The list of regulations and frameworks that Afi adheres to includes, but is not limited to, GDPR, Privacy Shield, HIPAA, CCPA, NHS Information Governance, PIPEDA, and PHIPA.
Check out our compliance page or reach out at privacy@afi.ai if you need more details or have questions about a country- or industry-specific regulation.
If you need to enter into a HIPAA BAA with Afi, please sign our standard BAA form and send it to Afi Sales (sales@afi.ai).
Backup & Resiliency¶
Afi services are deployed on Google Kubernetes Engine (GKE). High availability and disaster recovery are built into Afi's architecture: if a component fails, the platform launches additional container instances and redirects the load.
Afi's backup policies and procedures identify the critical resources, including the databases, that are backed up automatically to enable the recovery needed to meet our SLAs. All production data is replicated automatically to separate infrastructure. Afi tests its data recovery plan continuously.