top of page

Avonow Privacy

Last updated: September 2023

Avonow views compliance with applicable data protection laws as an opportunity to build privacy-respectful products while further fostering customer trust. 

What is Avonow doing in order to comply with data protection laws? 

This is a high-level summary of what we have done so far:

Data protection strategy.

  • We retained a leading outside expert counsel to help us understand the applicable data protection laws and prepare a compliance plan. 

  • We built an internal task force with members of different departments (security, sales, product development, and others) to implement the compliance plan internally.  

  • We involved senior management in the supervision of our implementation plan.      

  • We defined and implemented a Personal Data Policy and other top-level policies as needed – e.g., the Data Retention Policy, and Data Breach Notification Policy.

  • We regularly provide training and awareness among our employees about key GDPR requirements.  

SOC CPA blue logo

Data Processing Agreement.

  • We prepared and have available a Data Processing Agreement in accordance with Article 28 of the EU's General Data Protection Regulation (“GDPR”), and with the California Consumer Privacy Act, and its amendments ("CCPA"), as applicable, for signature with our customers upon request.

GDPR logo


  • Avonow’s platform runs on Amazon Web Services (AWS) and is a validated partner of AWS; AWS platform is ISO 27001, SOC reports 1, 2, and 3 certified. Read more about AWS security here (SOC, PCI, and more), and here (ISO), AWS also is self-certified under the EU-US Data Privacy Framework, as you can see here; 

  • Avonow has processes for external and internal information security risk management that seek to identify, assess and address risks using a risk treatment plan to implement recommendations and decisions. The risk assessment methodologies utilized include:

    • Maintaining SOC2 Type 2 Certification

    • Periodic security audits

  • Our platform leverages best industry practices and security measures to further secure, monitor, and protect the usage and data on the platform; and      

  • Avonow’s dedicated DevOps team, in coordination with our CISO, is responsible for platform management, including all security updates, new versions, and bug fixes. This way Avonow customers can focus on their research and manufacturing without the need to carry out any work or any platform-related management or maintenance.

  • We have processes in place to identify and handle security incidents.

  • Client data is fully encrypted in transit and at rest; and are processed and stored in isolated services, which are all managed by Role-Based Access control with System internal roles.

  • Regular Penetration Testing and Vulnerability Assessments are conducted by Third-party agencies to attest our security standing.

aws logo

Response to data requests.

  • We receive and respond to requests to grant access, correct or to information data made by our customers through our customer success or the relevant account manager.     

data requests

Data transfers outside the EU.

  • Avonow staff. The majority of our staff sits in Israel and the US. Israel was declared by the European Commission as a country that offers adequate level of data protection (see here). 

  • Other vendors and partners. We only share personal data that is subject to the GDPR with vendors and partners that, like Amazon Web Services, have stated and demonstrated that they comply with data protection laws, including the GDPR. When we transfer information protected by the GDPR outside the EU, we rely on permitted transfer mechanisms, such as signing Standard Contractual Clauses and/or relying on the EU-US Data Privacy Framework.

data transfers

Artificial Intelligence.

  • We use artificial intelligence tools and functionalities ("AI Tools") in order to provide our services. When using third-party AI Tools, we conduct diligence on each tool in order to confirm the personal data of our customers will be protected. We are also constantly monitoring new developments in artificial intelligence rules and regulations in order to ensure our compliance.

ai vis

Ongoing compliance.

  • We do not address privacy compliance as a one-time exercise. Rather, we periodically review our roadmap and ensure ongoing compliance. 

compliance visual

I have more questions. Who should I contact? If you have any additional questions about our privacy compliance you are welcome to contact us at

Disclaimer: The information in this document may not be construed or used as legal advice about the content, interpretation or application of any law, regulation or regulatory guideline. Customers and prospective customers must seek their own legal counsel to understand the applicability of any law or regulation on their processing of personal data.

For more information, please refer to:  Terms of Use and Privacy Policy

bottom of page