Secure cloud communications

AWS provides dedicated 24/7 state-of-the-art electronic surveillance and physical security measures at all of our server locations, including foot patrols, security logs, and perimeter inspections.

Only authorized Plivo personnel are granted access credentials to our data centers. Every access is also logged and reviewed to ensure that our systems are not breached by internal threats.

All activity on our servers are logged, and we review historical reports for system change tracking, security analysis, and compliance auditing.

Plivo uses cloud storage and compute services from Amazon Web Services (AWS). AWS is responsible for the security of the cloud, i.e. protecting the infrastructure that runs all of the services offered in the AWS Cloud. Plivo is responsible for securing the application platform deployed in AWS.

Our infrastructure, web applications, and APIs are penetration tested annually by external independent parties, and any vulnerabilities found are fixed.

Redundant links reroute traffic over backup networks in less than two seconds in case of backbone failover.

All of our facilities offer 100% power and HVAC functionality in any given month.

We distribute workloads across multiple resources to optimize response times, maximize throughput, and avoid single points of failure.

We aim to connect to multiple carriers in each country. At a minimum, we connect to at least two local carriers in each country.

We use automated systems to deploy new code to clusters in real time to ensure smooth transitions between software updates with no downtime.

Defensive systems embedded at multiple points and layers across the infrastructure and server environment work to protect our systems from unauthorized, potentially harmful, malicious, and problematic traffic and input.

To prevent unauthorized account access, each session requires the account username and a strong passphrase for access to each Plivo account. We also require phone number verification delivered through an SMS text message or a voice call.

We employ unique Authentication IDs and Authentication tokens for every user to ensure that only authorized people have access to accounts.

All web session traffic between customer applications and Plivo is encrypted using TLS (transport layer security). All data entering or leaving Plivo infrastructure is encrypted with TLS/HTTPS.

Plivo provides logical tenant separation, encryption in transit (TLS 1.2 or greater) and encryption at rest (256-bit Advanced Encryption Standard (AES-256)).

Administrative access privileges within the production environment are restricted to authorized personnel. Only Plivo employees who require customer data access as part of their job functions are permitted to access customer data.

We perform regular backups on all Plivo customer data. All backups are stored redundantly and are encrypted using AES-256.

All laptop devices issued to Plivo employees come with encrypted storage partitions and MDM software. We have the ability to remotely wipe a device in the event of it being lost or stolen.

We don't store any credit card information on our servers. Instead, all credit card information is encrypted using AES-256 and handled by our payment platform provider.

Our payment platform provider is PCI DSS (Payment Card Industry Data Security Standard) compliant.

We respond to priority 1 business-critical incidents around the clock, 365 days a year.

All Plivo employees are bound by Plivo's privacy policy.