Logo Alohi


Learn more about Alohi’s adherence to industry-standard security compliances and certifications.

Our Principle

Having world-class security and privacy was not only our number one priority but also the philosophy we built our product and service offerings around. In order to enhance the quality of our security and privacy practices, we committed to certifying ourselves and all our products (SIGN.PLUS and FAX.PLUS) for all relevant certifications and compliances.

Maintaining the highest standards of compliance is an ongoing process as we strive to adopt, adapt, and also contribute as much as possible to all current and upcoming regulations.


Our Compliance Offerings

ISO/IEC 27001 Compliance

Alohi is certified by an independent and impartial certification institute, EY CertifyPoint, through a series of surveillance and audits. The certificate validates that Alohi has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.

The scope of the Information Security Management System (ISMS) is to ensure the protection of our customers’ data and applies to all of our stakeholder relationships including the people, processes, and tools required to develop, support, and maintain the services and products provided by Alohi.
Learn more about it here.

SOC 2 Type 2 Compliance

The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.

SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402). Both standards are used to generate reports by objective third parties attesting to a set of assertions, which are made by an organization about controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
Learn more about it here.


HIPAA Compliance

We understand the sensitivities and the seriousness associated with keeping patient healthcare data private and secure. For this reason, we have looked into all administrative, physical, and technical safeguard specifications with fine precision, mitigating all HIPAA requirements to safeguard our customers’ data, individuals’ protected health information (PHI), and electronically protected health information (ePHI).

Healthcare providers, insurance companies, and other covered entities therefore trust us with their most sensitive documents. We are fully compliant with HIPAA.
Learn more about it here.


The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The scope of the PCI DSS includes all networks and applications that process, store, or transmit cardholder data, as well as systems that are used for securing and logging access to the systems in scope.

We maintain compliance with the current version of the PCI DSS with rigorous data security standards to ensure the safe and secure handling of customers’ payment card information.
Learn more about it here.

GDPR Alohi

GDPR Compliance

The General Data Protection Regulation (GDPR) is a piece of data protection and privacy legislation that applies to citizens in the European Union (EU). As a company that prioritizes the security and privacy of its users, Alohi was already implicated in the commitment to minimize the collection of any users’ information. The GDPR is therefore acting as a guideline for our efforts, where we only collect the personal data we need to provide the service we are offering.

We do not sell personal information to any third party as all personal data is only transmitted when it is necessary to process a contract to fulfill our services to our users. We are fully compliant with the GDPR.
Learn more about it here.

CCPA Compliance

While being very similar to the GDPR, the California Consumer Privacy Act (CCPA) is a different piece of data protection and privacy legislation that applies to residents in California. The CCPA gives California residents more control over their personal data which businesses collect and process. These rights include but are not limited to one’s right to know, delete, and opt-out. We take security and privacy very seriously at Alohi. We are fully compliant with the CCPA.
Learn more about it here.

CSA STAR Program

CSA STAR Program

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The CSA STAR Certification is an independent third-party assessment of the security of a Cloud Service Provider (CSP) that comprises key principles of transparency, rigorous auditing, and harmonization of standards.

The CSA STAR certificate provides further reassurance to customers and business partners that their organization has established a base maturity level in managing the internal operations relevant to the 16 different security domains in the CCM.
See the CSA STAR registry for Alohi.

Data Residency

Meet and exceed your local data residency requirements by storing your faxes in the region of your choice. There are over 20 regions to choose from which include the United States, Canada, Australia, Japan, Switzerland, and more. You can reside your faxes along with their backups in the same data center, or a different one. Regardless of the data center location, all faxes and their backups will be stored fully encrypted using 256-bit Advanced Encryption Standard (AES).
Learn more about it here.

Data Residency