Advo360 is cloud-hosted in U.S. data centers.

Enforced multi-factor authentication, role-based access controls, encryption, session management, and account protection.

Your funders will ask about this. Your board will ask about this. Your IT evaluator will ask about this. Here are the answers.

AES-256 encryption at rest. HTTPS/TLS in transit.

All data is encrypted using the same standard required by U.S. federal agencies for the protection of sensitive information.

Multi-factor authentication required for every user.

TOTP-based. No exceptions. No optional setting. Enforced at the platform level.

U.S.-based cloud infrastructure.

Hosting provider holds SOC 1, SOC 2, ISO 27001, and FedRAMP compliance certifications.

Role-based access controls.

Configurable permission levels structured to match your organization's hierarchy. Each user sees only what their role requires.

What this means in plain language

Your staff are not guessing who can see what. Your funders are not hearing vague reassurances about data security. Your organization is not relying on informal workarounds to protect records that could endanger someone if they were exposed. Every user proves their identity with a second factor before they access anything. Every session locks after inactivity. Every record is encrypted.

Identity & Access

Authentication

TOTP multi-factor authentication required for every user. No exceptions. Enforced at the platform level.

Access Control

Configurable permission levels structured to match your organization's hierarchy. Each user sees only what their role requires.

Session Security

Automatic session timeout after inactivity. Re-authentication required. Timeout duration is configurable per organization. Designed for shared office environments common in advocacy settings.

Account Protection

Lockout after repeated failed login attempts.

Password Requirements

Minimum length and complexity requirements enforced.

Data & Infrastructure

Data Encryption

AES-256 encryption at rest. HTTPS/TLS encryption in transit. All data is encrypted using the same standard required by U.S. federal agencies for the protection of sensitive information.

Infrastructure

U.S.-based cloud infrastructure. Our hosting provider holds SOC 1, SOC 2, ISO 27001, and FedRAMP compliance certifications.

Database

Modern database architecture with parameterized queries to prevent injection attacks and non-sequential identifiers to prevent enumeration.

Development Practices

Version-controlled codebase with full change tracking. Built on a modern, security-hardened application framework with input validation, CSRF protection, and secure session handling.

Data Deletion

Built-in deletion request system. Soft deletion preserves audit integrity. Full deletion available upon request.

FAQ

Where is our data stored?

U.S.-based cloud data centers.

Can users be required to use MFA?

MFA is required. It is not optional.

How do you handle data deletion requests?

Through the platform. Soft deletion is immediate. Full deletion on request.

Is Advo360 HIPAA compliant?

Advo360 meets HIPAA technical safeguard requirements including access controls, audit logging, encryption in transit and at rest, and authentication. A Business Associate Agreement is available for organizations that require one.

Can you provide documentation for grant applications?

Yes. This page and additional technical documentation are available in grant-ready formats.

The organizations you serve trust you with their most sensitive information.

Your technology should justify that trust.

Request a Demo