Encryption Practices

Learn how Alloy Automation handles data security


At Alloy Automation, we leverage (bank level) AES-256 bit encryption at every possible level to ensure the highest degree of security. We are mandated by SOC2 protocols to enforce encryption at rest and for data in transit.

How do you store my API keys?

In order to make API calls to the various apps we integrate with, we may ask you to link your API key. All API keys are stored using bank level encryption (known as AES256). This is the same encryption technology that the federal government uses for top secret projects (if you're interested in learning more, click here).

System wide, we use AES-256 encryption to store data at rest and TLS/SSL while data is in transit.

Every API key is uniquely encrypted so that we can't even access the data stored in our own system, so rest assured your API keys are safe. If at any point you feel concerned, you are always able to revoke your API key or delete it from the Alloy platform.

Encryption Standards

  • Alloy stores credentials in their encrypted state – never as raw text. API Keys or tokens using AES-256 bit encryption in our systems.

  • We use TLS whenever possible and in all external API calls to ensure sensitive information is encrypted

  • Tokens and secret keys are censored and hidden to the best of our ability from our logs

Should you have any questions regarding our data practices or how we handle our data, please feel free to contact us at [email protected] and we will promptly get back to you.

For all Google specific APIs, Alloy’s use of information received from Google APIs (including Gmail, Google Drive, Google Sheets, and Google Calendar, etc) adheres to Google’s Limited Use Requirements.

You may find additional information about how we store data in our Privacy Policy.

How do you handle data?

Data stored in Alloy is protected with industry best practices including IP whitelisting, encryption at rest, and network peering. That means that your data is always under a constant state of security. Our team undergoes an annual penetration test in addition to our required SOC2 audit.

Are you reselling my data?

No! We're not an ad platform so rest assured all your data is secure and we're not reselling it to the highest bidder.