Terms and Conditions

About the Application

Welcome to https://app.alignvu.io/ (the ‘Application’). The Application provides Global Sanction List reconciliation, monitoring and assessment of government sourced against a number of value add Sanction List Aggregator data sets as well as customer internal sanction lists (the ‘Services’).

The Application is operated by ATTAIN Group Limited (a UK company Reg 3810856) trading as alignVu. Access to and use of the Application, or any of its associated Products or Services, is provided by alignVu. Please read these terms and conditions (the ‘Terms’) carefully. By using, browsing and/or reading the Application, you signify that you have read, understood and agree to be bound by the Terms. If you do not agree with the Terms, you must cease usage of the Application, or any of the Services, immediately.

alignVu reserves the right to review and change any of the Terms by updating this page at its sole discretion. When alignVu updates the Terms, it will use reasonable endeavours to provide you with notice of updates to the Terms. Any changes to the Terms take immediate effect from the date of their publication. Before you continue, we recommend you keep a copy of the Terms for your records.

You accept the Terms by using the Application. You may also accept the Terms by clicking to accept or agree to the Terms where this option is made available to you by alignVu in the user interface.

In order to access the Services, you must first register (‘Register’) to use the Application. This provides access to alignVu, and a number of freely available Global Sanction Lists from government agencies. Upon registration you may then purchase a subscription through the Application (the ‘Subscription’) and pay the applicable fee for the selected Subscription (the ‘Subscription Fee’).

In purchasing the Subscription, you acknowledge and agree that it is your responsibility to ensure that the Subscription you elect to purchase is suitable for your use.

Once you have purchased the Subscription, you will then be required to register for an account through the Application before you can access the Services (the ‘Account’).

As part of the registration process, or as part of your continued use of the Services, you may be required to provide personal information about yourself (such as identification or contact details), including:

  • Email address
  • Preferred username
  • Mailing address
  • Telephone number
  • Password
  • Company Name

You warrant that any information you give to alignVu in the course of completing the registration process will always be accurate, correct and up to date.

Once you have completed the registration process, you will be a subscriber of the Application (‘Subscriber’) and agree to be bound by the Terms. As a Subscriber you will be granted immediate access to the Services from the time you have completed the registration process until the subscription period expires (the ‘Subscription Period’).

You may not use the Services and may not accept the Terms if:

  • you are not of legal age to form a binding contract with alignVu; or
  • you are a person barred from receiving the Services under the laws of United Kingdom or other countries including the country in which you are resident or from which you use the Services.

As a Subscriber, you agree to comply with the following:

  • you will use the Services only for purposes that are permitted by:
    • the Terms; and
    • any applicable law, regulation or generally accepted practices or guidelines in the relevant jurisdictions;

You have the sole responsibility for protecting the confidentiality of your password and/or email address. Use of your password by any other person may result in the immediate cancellation of the Services;

Any use of your registration information by any other person, or third parties, is strictly prohibited. You agree to immediately notify alignVu of any unauthorized use of your password or email address or any breach of security of which you have become aware;

Access and use of the Application is limited, non-transferable and allows for the sole use of the Application by you for the purposes of alignVu providing the Services;

You will not use the Services or the Application in connection with any commercial endeavours except those that are specifically endorsed or approved by the management of alignVu and the compliance with the AML/CTF laws and regulations;

You will not use the Services or Application for any illegal and/or unauthorized use which includes collecting email addresses of Subscribers by electronic or other means for the purpose of sending unsolicited email or unauthorized framing of or linking to the Application;

You agree that commercial advertisements, affiliate links, and other forms of solicitation may be removed from the Application without notice and may result in termination of the Services. Appropriate legal action will be taken by alignVu for any illegal or unauthorized use of the Application; and

You acknowledge and agree that any automated use of the Application or its Services is prohibited unless via the connect SaaS provided through alignVu.

alignVu will provide you with the Services detailed in the Subscription in accordance with the terms set out in these Terms of Use.

alignVu will use reasonable endeavours to provide the Services in accordance with any timetable agreed with you. However, you acknowledge and accept that any dates given by alignVu are estimates only and that delivery of the Services will be dependent upon your timely cooperation with alignVu as well as other factors outside of alignVu’s reasonable control.

You acknowledge and accept that occasionally alignVu, in providing the Services, may be required to:

  • change the technical specification of the Services for operational reasons; however, alignVu will ensure that any change to the technical specification does not materially reduce or detrimentally impact the performance of the Services;
  • give you instructions which it reasonably believes are necessary for reasons of health, safety, or the quality of any Services provided by alignVu, and you shall comply with such instructions; and
  • suspend the Services for operational reasons such as repair, maintenance or improvement or because of an emergency, in which case alignVu will give you as much online, written or oral notice as possible and shall ensure that the Services are restored as soon as possible following suspension.

You shall be responsible for:

  • ensuring that you have a minimum of one System Administrator who is familiar with the use of the Services and can act as the first point of contact for all Permitted Subscribers of the Services;
  • informing alignVu of any changes to your System Administrator’s contact details without undue delay;
  • providing the telecommunications and network services and correctly configured hardware and other equipment needed to connect to the Services;
  • the configuration and management of access to the Services, including the configuration of your network, firewall, DNS, routers, personal computers and Subscriber Profile;
  • obtaining alignVu’s prior written consent to any integration of the Services into an Application or call centre application which you may wish to undertake (with such consent not to be unreasonably withheld);
  • any work required for any integration approved by alignVu.

You must inform alignVu, without undue delay, of any changes to the information which you supplied within the Subscription.

You shall comply with these Terms and all relevant Additional Terms where applicable.

You must ensure that any software, equipment and materials which are used with the Services:

  • are connected and used in accordance with any instructions and security procedures specified by alignVu;
  • are technically compatible with the Services and meet the minimum technical specifications detailed in the Subscription.

You shall only access the Services as permitted by alignVu and shall not attempt at any time to circumvent system security or access the source software or compiled code.

The Services are provided solely for your internal business purpose, and as part of this service, you may share the information with your clients. You must not resell or attempt to resell the Services (or any part or facility of it, including the Output Material) to any third party without first entering into an appropriate agreement signed by an authorized representative of alignVu.

You must not use the Services for the purposes of verifying the identity of Data Subjects where you do not have the relevant permission or consent from the Data Subject in accordance with the Privacy and Data Protection Requirements.

The Services are protected by Intellectual Property Rights. You must not copy, store, adapt, modify, transmit, or distribute the Services except to Permitted Subscribers or permit anyone else to do the same.

You shall be responsible for the creation, maintenance, and design of all Subscriber Information.

You warrant that you shall comply with all applicable legislation, instructions, and guidelines issued by regulatory authorities, relevant licenses, and any other codes of practice that apply to you and your use of the Services, including those which relate to the provision of Subscriber Information.

You are responsible for the acts and omissions of all Permitted Subscribers of the Services and are liable for any failure by a Permitted Subscriber to perform or observe these Terms.

If you use the Services in contravention of this clause, and the contravention is not remedied within 10 business days, then alignVu shall be entitled to treat the contravention as a material breach of these Terms and terminate your Subscription.

You are responsible for the security and proper use of all user identities (“Subscriber IDs”) and passwords used in connection with the Services (including changing passwords on a regular basis).

You shall take all reasonably necessary steps to ensure that Subscriber IDs are kept confidential, secure, are used properly, and are not disclosed to any unauthorized parties. For the avoidance of doubt, you will be responsible for all Charges for the Services where your Subscriber ID has been used to access the Services.

You must immediately inform alignVu if there is any reason to believe that a Subscriber ID or password has or is likely to become known to someone not authorized to use it or is being or is likely to be used in an unauthorized way.

alignVu reserves the right to suspend the Subscriber ID and password access to the Services if at any time alignVu reasonably considers that there is or is likely to be a breach of security or misuse of the Services and/or to require you to change any or all of the passwords used by you in connection with the Services.

In addition to personal data (“subscriber”), there are other data types available through alignVu:

  • (“original records of interest data”) which is drawn both from many different government and regulatory sources,
  • (“native record of interest”) which are original records of interest that have been mapped into the alignVu data model and are monitored, analysed and reconciled in a service provided by alignVu to its subscribers,
  • (“aggregator records of interest”) in which alignVu acts as data processor on behalf of the commercial content owner who has a direct agreement with the alignVu subscriber.
  • (“client records of interest”) are records provided by a subscriber and processed by alignVu as a part of the subscription service provided to that subscriber.

Original Records of Interest – classification “Public”

In some cases, the source data has errors which we have not yet detected, and in other cases the data has been provided in very complex and impenetrable formats, which may have given rise to errors in the way it is presented on alignVu.

Therefore, we cannot make any promises as to the quality of company data. You use data in its original form entirely at your own risk. For this reason, and because Original Records of Interest are made available without charge from their source, we limit our liability as follows:

  • Original Records of Interest are provided “AS IS” and on an “IS AVAILABLE” basis without any representations or any kind of warranty made (whether express or implied by law) to the extent permitted by law, including the implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, compatibility, security and accuracy.
  • Under no circumstances will we be liable for any of the following losses or damage (whether such losses were foreseen, foreseeable, known or otherwise): (a) loss of data; (b) loss of revenue or anticipated profits; (c) loss of business; (d) loss of opportunity; (e) loss of goodwill or injury to reputation; (f) losses suffered by third parties; or (g) any indirect, consequential, special or exemplary damages arising from the use of alignVu regardless of the form of action.
  • We do not warrant that functions contained in Original Records of Interest content will be uninterrupted or error free, that defects will be corrected, or that alignVu or the servers that make it available are free of viruses or bugs.

Native Records of Interest, Aggregator Records of Interest and Client Records of Interest – classified as “Confidential”

alignVu acts as a data processor for these data types which it provides as a service to its subscribers. These records are aligned, verified, tracked, monitored and assessed and anomaly reports and alerts are provided to subscribers that inform subscribers as to the conformity, consistency, accuracy and freshness of each record from initial publication to the point available to screening system.

How does alignVu manage data classifications and data processing?

Data Classification

alignVu maintains the following Data Confidentiality Levels:

  • Confidential – Information only available to specific, permissioned subscription groups. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
  • Restricted – Access restricted to specific roles within the organization and authorized third parties. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
  • Internal – Information is available to all employees and authorized third parties. Data must be encrypted at rest and in transit.
  • Public – Information is available to the public.

Data Confidentiality is determined by:

  • The value of the information, based on impacts identified during the risk assessment process.
  • Sensitivity and criticality of the information, based on the highest risk calculated for each data item during the risk assessment.
  • Policy, legal, regulatory, and contractual obligations.

Additionally, data may be separated into data type classifications to enforce processing rules for customer data. For each data class, the alignVu security and development teams may provision and dedicate specific information systems in Amazon Web Services to store and process data of that class, and only data of that class, unless otherwise explicitly stated. For all classes of customer data, data must be encrypted at rest and in transit. Corresponding systems may store and process data items needed to keep each customer’s data properly segmented, such as alignVu customer identifiers.

Customer Subscriber Account Data – This is data pertaining to login accounts for the alignVu Application, used by alignVu customers. Subscriber account credentials shall be hashed in such a manner that the plaintext passwords cannot be recovered.

Customer Contact Data – This is contact data about alignVu customers and customer agents.

Customer Preferences Data – This is data pertaining to the customer-specific preferences and configurations of the alignVu service made by customer agents.

Customer Recorded Data – This is data that the alignVu service collects during session recording.

Customer Event Transaction Metadata – This is metadata about transactions conducted on all other classes of customer data. This includes customer organization and user identifiers, standard syslog data pertaining to customer users, and instances of Customer Contact Data and Customer Preferences Data. This class does not include Customer Recorded Data.

Customer Contact Data, Customer Preferences Data, and Customer Event Transaction Metadata may be stored and processed in systems hosted in environments other than Amazon Web Services, as approved by the security team.

Resources must maintain accurate data classification tagging policies for their entire lifecycle, including during decommissioning or when removed from service temporarily.

alignVu Employee Access to Customer Data

alignVu employees may access Customer Data only under the following conditions.

  • From managed devices.
  • For the purpose of incident response, or customer support.
  • For no longer than is needed to fulfill the purpose of access.
  • In an auditable manner.
  • Customer Data is not used in development or test systems.
  • Product usage metadata may be utilized for analytics, performance monitoring, and service/feature improvement.

Customer Access

alignVu provides web user interfaces (UIs), application programming interfaces (APIs), and data export facilities to provide customers access to their data.

Exceptional Cases

The security team in conjunction with executive management may approve emergency exceptions to any of the above rules, in response to security incidents, service outages, or significant changes to the alignVu operating environment, when it is deemed that such exceptions will benefit and protect the security and mission of alignVu, alignVu customers, and visitors of alignVu customers’ websites.

Data Encryption

alignVu protects all data in transit with TLS 1.2 and all data at rest with AES-256 encryption from Amazon KMS. Cryptographic keys are assigned to specific roles based on least privilege access and keys are automatically rotated yearly. Usage of keys is monitored and logged.

Resources must maintain data encryption at rest and in transit for their entire lifecycle, including during decommissioning or when removed from service temporarily.

Data Retention

Each customer is responsible for the information they create, use, store, process and destroy.

On expiration of services, customers may instruct alignVu to delete all customer data from alignVu’s systems in accordance with applicable law as soon as reasonably practicable, unless applicable law or regulations require otherwise.

Data Sanitization and Secure Disposal

alignVu uses Amazon Web Services for all infrastructure. AWS provides the following guidance regarding their data lifecycle policies:

Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

How does alignVu detect and respond to vulnerabilities and security incidents?

The alignVu security and development teams shall use all of the following measures to detect vulnerabilities that may arise in alignVu’s information systems.

  • Cross-checking vulnerability databases with all systems and software packages that support critical alignVu services.
  • Automated source code scanners on every code commit.
  • Code reviews on every security-sensitive code commit.
  • Vulnerability scanning on alignVu services.
  • Maintain a bug bounty program.
  • Annual penetration testing with an independent provider.

The alignVu security team shall evaluate the severity of every detected vulnerability in terms of the likelihood and potential impact of an exploit and shall develop mitigation strategies and schedules accordingly. Suitable mitigations include complete remediation or implementing compensating controls.

Incident Detection and Response

The alignVu security team maintains an internal Incident Response Policy which contains steps for preparation, identification, containment, investigation, eradication, recovery, and follow-up/postmortem.

The alignVu security team shall use all of the following measures to detect security incidents.

  • Continuous monitoring of AWS network traffic and workloads for malicious or unauthorized activities.
  • Continuous monitoring of logs to detect potentially malicious or unauthorized activity.
  • Conduct reviews on the causes of any service outages.
  • Respond to notices of potential incidents from employees, contractors, or external parties.
  • The alignVu security team shall make a determination of whether every indicator is representative of an actual security incident. The severity, scope, and root cause of every incident shall be evaluated, and every incident shall be resolved in a manner and timeframe commensurate with the severity and scope.
  • In the event that a data breach affecting a customer has been detected, alignVu will maintain communication with the customer about the severity, scope, root cause, and resolution of the breach.

How will alignVu prevent and recover from events that could interfere with expected operations?

Availability and Resiliency

alignVu services shall be configured in such a manner so as to withstand long-term outages to individual servers, availability zones, and geographic regions. alignVu infrastructure and data is replicated in multiple geographic regions to ensure this level of availability. alignVu availability and status information can be found at status.clickup.com.

Disaster Recovery

alignVu targets a Data Recovery Point Objective (RPO) of near-zero for at least 7 days, and up to 24 hours beyond 7 days.

Due to the distributed nature of alignVu services, Recovery Time Objectives (RTO) are near-zero for geographic disasters. RTO for systemic disasters involving data recovery is targeted at 6 hours.

alignVu tests backup and recovery processes on at least a monthly basis.

Business Continuity

Business Risk Assessment and Business Impact Analysis

alignVu’s risk assessment committee will include business risk assessment and business impact analysis for each Key Business System that is used by the organization. The outcome of ongoing risk assessments will update or create recovery plans for Key Business Systems and update prioritization of systems compared to other key systems.

Distribution, Relocation, and Remote Work

alignVu prioritizes policies, tools, and equipment which enables independent, distributed remote work for all staff if emergencies or disasters strike. If the organization’s primary work site is unavailable, staff can work from home or an alternate work site shall be designated by management.

Notification and Communication

alignVu has established internal communications using secure, distributed providers using industry standard security protocols. Staff and management will be notified via existing channels during any emergency event, or when any data recovery plan is initiated or deactivated.

alignVu’s total liability arising out of or in connection with the Services or these Terms, however arising, including under contract, tort (including negligence), in equity, under statute or otherwise, will not exceed the resupply of the Services to you.

You expressly understand and agree that alignVu, its affiliates, employees, agents, contributors and licensors shall not be liable to you for any direct, indirect, incidental, special consequential or exemplary damages which may be incurred by you, however caused and under any theory of liability. This shall include, but is not limited to, any loss of profit (whether incurred directly or indirectly), any loss of goodwill or business reputation and any other intangible loss.

EU-U.S. Privacy Shield Framework

While we acknowledge that the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries may no longer be a valid transfer mechanism for data transfers to the European Economic Area, we nevertheless comply with the principles contained therein as additional measures to protect our users’ privacy. alignVu adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the more restrictive policy shall govern.

By using the Services, you acknowledge that these terms and conditions govern your use of the Services, and that additional terms and conditions apply to the use of the data transmitted as part of the Services. Accordingly:

  • If you are an existing subscriber to one or more of the Proprietary third-party data sets provided through alignVu, the terms and conditions of use applicable to those Proprietary third-party data sets will continue to apply to your use within the provision of these Services.
  • If you request alignVu to use other Datasets in providing the Services, the terms and conditions of use of those Datasets will apply, in addition to these terms.
  • If you request alignVu to use Third-Party Datasets in providing the Services, the terms and conditions of use of those Third-Party Datasets will apply to you (where applicable), in addition to these terms.

If a third-party Data Provider imposes any restrictions or conditions of use on you pursuant to that third-party Data Provider’s agreement with alignVu, we reserve the right to impose these conditions on you, and you agree to comply with them.

You are responsible for obtaining the consent of each Data Subject for the provision of the Services.

Without limiting your obligations under these Terms of Use, you must:

  • Not use the Services, Service Materials, or any other data generated by the use of the Services for any purpose other than the Approved Purpose;
  • Not resell the Services, Service Materials, or any other data generated by the use of the Services (whether or not other information or services are added to it and whether or not it is incorporated into another service or other data);
  • Not change, delete or alter the data contained in the metadata fields of the data provided by alignVu as part of the Services (though this shall not prevent you from adding to such data); and
  • Comply with other reasonable product compliance requirements, which alignVu may notify you of from time to time.

Where the option is given to you, you may make payment of the Subscription Fee by way of:

  • PayPal (‘PayPal’)
  • Credit Card
  • Direct Debit
  • Invoice

You acknowledge and agree that where a request for the payment of the Subscription Fee is returned or denied, for whatever reason, by your financial institution or is unpaid by you for any other reason, then you are liable for any costs, including banking fees and charges, associated with the Subscription Fee.

You agree and acknowledge that alignVu can vary the Subscription Fee at any time and that the varied Subscription Fee will come into effect following the conclusion of the existing Subscription Period.

alignVu will only provide you with a refund of the Subscription Fee in the event they are unable to continue to provide the Consultancy or Services or if the manager of alignVu makes a decision, at its absolute discretion, that it is reasonable to do so under the circumstances. Where this occurs, the refund will be in the proportional amount of the Subscription Fee that remains unused by the Subscriber (the ‘Refund’).

The Application, the Services and all of the related products of alignVu are subject to copyright. The material on the Application is protected by copyright under the laws of Australia and through international treaties. Unless otherwise indicated, all rights (including copyright) in the Services and compilation of the Application (including but not limited to text, graphics, logos, button icons, video images, audio clips, Application, code, scripts, design elements and interactive features) or the Services are owned or controlled for these purposes, and are reserved by alignVu or its contributors.

All trademarks, service marks and trade names are owned, registered and/or licensed by alignVu, who grants to you a worldwide, non-exclusive, royalty-free, revocable license whilst you are a Subscriber to:

  • use the Application pursuant to the Terms;
  • copy and store the Application and the material contained on the Application in your device’s cache memory;
  • copy and store the output material contained on the Application in your device’s; and
  • print pages from the Application for your own personal and non-commercial use.

alignVu does not grant you any other rights whatsoever in relation to the Application or the Services. All other rights are expressly reserved by alignVu.

alignVu retains all rights, title and interest in and to the Application and all related Services. Nothing you do on or in relation to the Application will transfer any:

  • business name, trading name, domain name, trademark, industrial design, patent, registered design or copyright, or
  • a right to use or exploit a business name, trading name, domain name, trademark or industrial design, or
  • a thing, system or process that is the subject of a patent, registered design or copyright (or an adaptation or modification of such a thing, system or process), to you.

You may not, without the prior written permission of alignVu and the permission of any other relevant rights owners: broadcast, republish, up-load to a third party, transmit, post, distribute, show or play in public, adapt or change in any way the Services or third-party Services for any purpose, unless otherwise provided by these Terms. This prohibition does not extend to materials on the Application, which are freely available for re-use or are in the public domain.

If, as a result of these Terms of Use, you are able to access any information about identifiable individuals held by or on behalf of alignVu (which is a trading name of the Attain Group Ltd), then you:

  • Must comply with all applicable Privacy Laws and such other data protection laws as may be in force from time to time which regulate the collection, storage, use, and disclosure of information, as if it were regulated by these laws;
  • Must comply with any privacy code or policy which has been adopted by alignVu and is available on the Application as if you were bound by that code or policy;
  • Must comply with any direction by alignVu that is consistent with the laws, codes, and policies referred to in paragraphs (a) and (b) above;
  • Must not do any act or engage in any practice that would breach the Privacy Laws or cause alignVu to breach the Privacy Laws;
  • Must take all steps which are reasonable in the circumstances to protect any Personal Information held by you in connection with these Terms of Use from misuse, interference or loss, and from unauthorized access, modification, or disclosure;
  • Must immediately notify alignVu if you become aware of a breach of the Privacy Law in connection with these Terms of Use and notwithstanding any other provision of these Terms of Use, will take steps to remedy the breach immediately;
  • Must comply with any reasonable direction of alignVu to observe any recommendation of any government body relating to acts or practices of yours that the government body considers to be in breach of the obligations of this clause; and
  • Must indemnify alignVu and any Related Body Corporate from any loss or damage caused or contributed to by your failure to comply with the Privacy Laws.

“Associated Company” includes any firm, company, corporation or other organisation which:

  • is directly or indirectly controlled by the Company; or
  • directly or indirectly controls the Company; or
  • is directly or indirectly controlled by a third party who also directly or indirectly controls the Company; or
  • is the successor in title or assign of the firms, companies, corporations or other organisations referred to above.

Our Data Protection Officers are members of our Data Protection Committee and can be contacted by email at data.protection@attain.uk.com, by telephone on +44 1942 247884, or by post at G25 Wigan Investment Centre, Waterside Drive, Wigan, England, WN3 5BA.

We are registered with the Information Commissioner’s Office, registration ID Z8244039.

This Privacy Policy applies to all data subjects whose personal data is controlled by alignVu and/or to your use of the Application. Our website contains links only to other websites provided by verifiable government departments. We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law. Please note that We have no control over how your data is collected, stored, or used by third party processors and other websites, and We advise you to check the privacy policies of any such websites before providing any data to them.

As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:

  • The right to be informed about Our collection and use of personal data;
  • The right of access to the personal data We hold about you;
  • The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us);
  • The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 6 but if you would like Us to delete it sooner, please contact Us);
  • The right to restrict (i.e. prevent) the processing of your personal data;
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
  • The right to object to Us using your personal data for particular purposes; and
  • Rights with respect to automated decision making and profiling.

If you have any cause for complaint about Our use of your personal data, please contact Us by contacting our Data Protection Officer using the contact details outlined above.

We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.

For further information about your rights, please contact the Information Commissioner’s Office.

What Data Do We Collect?

Depending upon your relationship to Us and/or your use of Our website (including our Careers page), We may collect some or all of the following personal data (please also see the Cookie Policy on our website at https://attain.uk.com/cookie-policy/ on Our use of Cookies and similar):

Website and Application Registration (personal user) www.alignvu.io
  • Name
  • business/company name
  • job title
  • IP address
  • web browser type and version
  • operating system
Application Subscription
  • Username
  • email address
  • Subscriber Group Contract ID
  • Contact Telephone number (optional)
  • Subscriber Group Contract Administrator escalation

We only keep your personal data for as long as We need to in order to use it as described above in section 6, and/or for as long as We have your permission to keep it.

All of your data will be stored in the UK, and We ensure that your data is treated safely and securely under the Data Protection Act 2018 and GDPR, including:

  • Confirmation of GDPR compliance from all third-party processors engaged directly by Us.
  • Privacy Impact Assessments carried out where required for third party processors.

Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure personal data. Steps We take to secure and protect your data include:

  • All internal systems are secured as per the IT Security Policy, available on request to data.protection@attain.uk.com;
  • Marketing website secure hosting with website security features provided by WordPress;
  • All job applicant details are stored on UK servers in full GDPR compliance;
  • All communications with marketing lists are conducted through Microsoft Office365; Gmail; or MailChimp, third party processors which have provided written confirmation of their GDPR compliance.

In certain circumstances, we may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.

We may compile statistics about the use of the Application, including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business or those of our Associated Companies. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

In the event that any of your data is to be transferred in such a manner, all efforts will be made to contact you in advance and inform you of the changes. When contacted you may be given the choice to have your data deleted or withheld from the new owner or controller.

You may access certain areas of the Marketing Website without providing any data at all. However, to use all features and functions available on the Marketing Website you may be required to submit or allow for the collection of certain data.

You may restrict Our use of Cookies. For more information, see Our Cookie Policy at https://attain.uk.com/cookie-policy/.

You may request to restrict the processing of personal data routinely collected for the purpose of establishing and fulfilling a contract; where it is possible to fulfil the contract without such information, and where permitted by law, We will comply with written requests to withhold, delete or limit the processing of your personal data.

You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable, and We will provide any and all information in response to your request free of charge, unless responding to it is likely to be complex and will involve looking extensively at a high volume of data, in which case you will be notified of the relevant fee involved. Please contact Us for more details at data.protection@attain.uk.com.

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on the Marketing Website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of the Marketing Website following the alterations or continuation of your relationship with Us. We recommend that you check this page regularly to keep up-to-date.

Nothing in the Terms limits or excludes any guarantees, warranties, representations or conditions implied or imposed by UK law (or any liability under them) which by law may not be limited or excluded.

Subject to this clause, and to the extent permitted by law:

  • all terms, guarantees, warranties, representations or conditions which are not expressly stated in the Terms are excluded; and
  • alignVu will not be liable for any special, indirect or consequential loss or damage (unless such loss or damage is reasonably foreseeable resulting from our failure to meet an applicable Consumer Guarantee), loss of profit or opportunity, or damage to goodwill arising out of or in connection with the Services or these Terms (including as a result of not being able to use the Services or the late supply of the Services), whether at common law, under contract, tort (including negligence), in equity, pursuant to statute or otherwise.

Use of the Application and the Services is at your own risk. Everything on the Application and the Services is provided to you “as is” and “as available” without warranty or condition of any kind. None of the affiliates, directors, officers, employees, agents, contributors and licensors of alignVu make any express or implied representation or warranty about the Services or any products or Services (including the products or Services of alignVu) referred to on the Application. This includes (but is not restricted to) loss or damage you might suffer as a result of any of the following:

  • failure of performance, error, omission, interruption, deletion, defect, failure to correct defects, delay in operation or transmission, computer virus or other harmful component, loss of data, communication line failure, unlawful third-party conduct, or theft, destruction, alteration or unauthorized access to records;
  • the accuracy, suitability or currency of any information on the Application, the Services, or any of its Services related products (including third party material and advertisements on the Application);
  • costs incurred as a result of you using the Application, the Services or any of the products of alignVu; and
  • the Services or operation in respect to links which are provided for your convenience.

The Terms will continue to apply until terminated by either you or by alignVu as set out below.

If you want to terminate the Terms, you may do so by:

  • providing alignVu with 30 days’ notice of your intention to terminate; and
  • closing your accounts for all of the services which you use, where alignVu has made this option available to you.

Your notice should be sent, in writing, to alignVu via the ‘Contact Us’ link on our homepage or info@alignvu.io.

alignVu may at any time, terminate the Terms with you if:

  • you have breached any provision of the Terms or intend to breach any provision;
  • alignVu is required to do so by law;
  • the provision of the Services to you by alignVu is, in the opinion of alignVu, no longer commercially viable.

Subject to local applicable laws, alignVu reserves the right to discontinue or cancel your membership at any time and may suspend or deny, in its sole discretion, your access to all or any portion of the Application or the Services without notice if you breach any provision of the Terms or any applicable law or if your conduct impacts alignVu’s name or reputation or violates the rights of those of another party.

You agree to indemnify alignVu, its affiliates, employees, agents, contributors, third party content providers and licensors from and against:

  • all actions, suits, claims, demands, liabilities, costs, expenses, loss and damage (including legal fees on a full indemnity basis) incurred, suffered or arising out of or in connection with Your Content;
  • any direct or indirect consequences of you accessing, using or transacting on the Application or attempts to do so; and/or
  • any breach of the Terms.

Compulsory: If a dispute arises out of or relates to the Terms, either party may not commence any Tribunal or Court proceedings in relation to the dispute, unless the following clauses have been complied with (except where urgent interlocutory relief is sought).

Notice: A party to the Terms claiming a dispute (‘Dispute’) has arisen under the Terms, must give written notice to the other party detailing the nature of the dispute, the desired outcome and the action required to settle the Dispute.

Resolution: On receipt of that notice (‘Notice’) by that other party, the parties to the Terms (‘Parties’) must:

  • Within 90 days of the Notice endeavour in good faith to resolve the Dispute expeditiously by negotiation or such other means upon which they may mutually agree;
  • If for any reason whatsoever, 30 days after the date of the Notice, the Dispute has not been resolved, the Parties must either agree upon selection of a mediator or request that an appropriate mediator be appointed by the UK arbitration service or his or her nominee;
  • The Parties are equally liable for the fees and reasonable expenses of a mediator and the cost of the venue of the mediation and without limiting the foregoing undertake to pay any amounts requested by the mediator as a pre-condition to the mediation commencing. The Parties must each pay their own costs associated with the mediation;

The mediation will be held in London, United Kingdom.

  • Confidential: All communications concerning negotiations made by the Parties arising out of and in connection with this dispute resolution clause are confidential and to the extent possible, must be treated as “without prejudice” negotiations for the purpose of applicable laws of evidence.
  • Termination of Mediation: If 3 months have elapsed after the start of a mediation of the Dispute and the Dispute has not been resolved, either Party may ask the mediator to terminate the mediation and the mediator must do so.

Venue and Jurisdiction

Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Contract or its subject matter or formation. 

Governing Law

The Terms and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.

Severance

If any part of these Terms is found to be void or unenforceable by a Court of competent jurisdiction, that part shall be severed, and the rest of the Terms shall remain in force.

alignVu employs strict security standards and measures throughout the entire organization. Every team member is trained and kept up to date on the latest security protocols. We regularly undergo testing, training, and auditing of our practices and policies.

What is this document, why does it exist, what does it cover, and who is in charge of it?

This policy defines behavioural, process, technical, and governance controls pertaining to security at alignVu that all personnel are required to implement in order to ensure the confidentiality, integrity, and availability of the alignVu service and data (“Policy”). All personnel must review and be familiar with the rules and actions set forth below.

This Policy defines security requirements for:

  • all alignVu employees, contractors, consultants and any other third parties providing services to alignVu (“personnel”),
  • management of systems, both hardware and software and regardless of locale, used to create, maintain, store, access, process or transmit information on behalf of alignVu, including all systems owned by alignVu, connected to any network controlled by alignVu, or used in service of alignVu’s business, including systems owned by third party service providers, and
  • circumstances in which alignVu has a legal, contractual, or fiduciary duty to protect data or resources in its custody.

In the event of a conflict, the more restrictive measures apply.

Governance and Evolution

This Policy was created in close collaboration with and approved by alignVu executives. At least annually, it is reviewed and modified as needed to ensure clarity, sufficiency of scope, concern for customer and personnel interests, and general responsiveness to the evolving security landscape and industry best practices.

Security Team

The alignVu security team oversees the implementation of this Policy, including

  • procurement, provisioning, maintenance, retirement, and reclamation of corporate computing resources,
  • all aspects of service development and operation related to security, privacy, access, reliability, and survivability,
  • ongoing risk assessment, vulnerability management, incident response, and
  • security-related human resources controls and personnel training.

The security team maintains a Risk Management Framework derived from NIST SP 800-39 – “Managing Information Security Risk: Organization, Mission, and System View” and NIST SP 800-30 – “Guide for Conducting Risk Assessments”. Risk assessment exercises inform prioritization for ongoing improvements to alignVu’s security posture, which may include changes to this Policy itself.

Our Risk Management Framework incorporates the following:

  • Identification of relevant, potential threats.
  • A scheme for assessing the strength of implemented controls.
  • A scheme for assessing current risks and evaluating their severity.
  • A scheme for responding to risks.

What are alignVu’s expectations of its personnel and the workplace regarding systems and data?

alignVu is committed to protecting its customers, personnel, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly in the context of its established employment culture of openness, trust, maturity, and integrity.

This section outlines expected personnel behaviours affecting security and the acceptable use of computer systems at alignVu. These rules are in place to protect our personnel and alignVu itself, in that inappropriate use may expose customers and partners to risks including malware, viruses, compromise of networked systems and services, and legal issues.

Work Behaviours

The first line of defence in data security is the informed behaviour of personnel, who play a significant role in ensuring the security of all data, regardless of format. Such behaviours include those listed in this section as well as any additional requirements specified in the employee handbook, specific security processes, and other applicable codes of conduct.

Training

All employees and contractors must complete the alignVu security awareness and data handling training programs at least annually.

Unrecognized Persons and Visitors

It is the responsibility of all personnel to take positive action to maintain physical security. Challenge any unrecognized person present in a restricted office location. Any challenged person who does not respond appropriately should be immediately reported to supervisory staff and the security team. All visitors to alignVu offices must be registered as such or accompanied by an alignVu employee.

Clean Desk

Personnel should maintain workspaces clear of sensitive or confidential material and take care to clear workspaces of such material at the end of each workday.

Unattended Devices

Unattended devices must be locked. All devices will have an automatic screen lock function set to automatically activate upon no more than fifteen minutes of inactivity.

Use of Corporate Assets

Systems are to be used for business purposes in serving the interests of the company, and of our clients and partners in the course of normal business operations. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use of systems. Only alignVu-managed hardware and software is permitted to be connected to or installed on corporate equipment or networks and used to access alignVu data. alignVu-managed hardware and software includes those either owned by alignVu or owned by alignVu personnel but enrolled in an alignVu device management system. Only software that has been approved for corporate use by alignVu may be installed on corporate equipment. All personnel must read and understand the list of prohibited activities outlined in this Policy. Modifications or configuration changes are not permitted without explicit written consent by the alignVu security team.

Removable Storage, No Backups, Use of Cloud Storage

Use of removable media such as USB drives is prohibited. Personnel may not configure work devices to make backups or copies of data outside corporate policies. Instead, personnel are expected to operate primarily “in the cloud” and treat local storage on computing devices as ephemeral. alignVu data must be saved to company-approved secure cloud storage (e.g. Google Docs) to ensure that even in the event of a corporate device being lost, stolen, or damaged, such artifacts will be immediately recoverable on a replacement device.

Prohibited Activities

The following activities are prohibited. Under certain conditions and with the explicit written consent of the security team, personnel may be exempted from certain of these restrictions during the course of their legitimate job responsibilities (e.g. planned penetration testing, systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).

The list below is by no means exhaustive, but attempts to provide a framework for activities which fall into the category of unacceptable use.

  • Under no circumstances are personnel of alignVu authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing alignVu-owned resources.
  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by alignVu.
  • Violating or attempting to violate the terms of use or license agreement of any software product used by alignVu is strictly prohibited.
  • Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which alignVu or the end user does not have an active license is strictly prohibited.
  • Exporting software, technical information, encryption software or technology may result in a violation of international or regional export control laws. The appropriate management should be consulted prior to export of any material that is in question.
  • Revealing your account password to others or allowing use of your account by others. This includes colleagues, as well as family and other household members when work is being done at home.
  • Making fraudulent offers of products, items, or services originating from any alignVu account.
  • Making statements about warranty, expressly or implied, unless it is a part of normal job duties and then only to the extent the warranties are consistent with alignVu’s authorized warranties.
  • Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
  • Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious or unlawful purposes.
  • Except by or under the direct supervision of the security team, port scanning or security scanning, or other such software designed to exploit or find computer, software, or network vulnerabilities.
  • Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.
  • Circumventing user authentication or security of any host, network or account or attempting to break into an information resource or to bypass a security feature. This includes running password-cracking programs or sniffer programs, and attempting to circumvent file or other resource permissions.
  • Attempting to interfere with or deny service to any other user.
  • Providing information about, or lists of, alignVu personnel to parties outside alignVu.
  • Installation of software which installs or includes any form of malware, spyware, or adware as defined by the security team.
  • Crashing an information system. Deliberately crashing an information system is strictly prohibited. Subscribers may not realize that they caused a system crash, but if it is shown that the crash occurred as a result of user action, a repetition of the action by that user may be viewed as a deliberate act.
  • Attempts to subvert technologies used to effect system configuration of company-managed devices (e.g. MDM) or personal devices voluntarily used for company purposes (e.g. mobile Work Profiles).

Personnel Systems Configuration, Ownership, and Privacy

Centralized System Configuration – Personnel devices and their software configuration are managed remotely by members of the security team via configuration-enforcement technology, also known as MDM software. Such technology may be used for purposes including auditing/installing/removing software applications or system services, managing network configuration, enforcing password policy, encrypting disks, remote wipe & recovery, copying data files to/from employee devices, and any other allowed interaction to ensure that employee devices comply with this Policy.

Data and Device Encryption – All devices must use modern full disk encryption to protect data in the event of a lost device. An example of valid full disk encryption is Apple FileVault 2 using XTS-AES-128 encryption with a 256-bit key. This is enforced using MDM software.

Device Heartbeat and Remote Wipe – Devices must support the ability to report their status and be remotely wiped. This is enforced using MDM software.

Prevent Removable Storage – Devices must prevent usage of removable storage. This is enforced using MDM software.

Endpoint/Antivirus/Antimalware Protection – Devices must automatically install and configure the alignVu provided antivirus software for endpoint protection. Configured software will report status and potential threats, allowing for remote administration and reporting by the security team. This is enforced using MDM software.

Retention of Ownership – All software programs, data, and documentation generated or provided by personnel while providing services to alignVu or for the benefit of alignVu are the property of alignVu unless otherwise covered by a contractual agreement.

Personnel Privacy – While alignVu’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of alignVu. Due to the need to protect alignVu’s network, management does not intend to guarantee the privacy of personnel’s personal information stored on any network device belonging to alignVu. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use such as general web browsing or personal email. If there is any uncertainty, personnel should consult the security team or their manager.

Personnel should structure all electronic communication with recognition of the fact that the content could be monitored and that any electronic communication could be forwarded, intercepted, printed, or stored by others.

alignVu reserves the right, at its discretion, to review personnel’s files or electronic communications to the extent necessary to ensure all electronic media and services are used in compliance with all applicable laws and regulations as well as corporate policies.

alignVu reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. For security and network maintenance purposes, authorized individuals within alignVu may monitor equipment, systems and network traffic at any time.

Human Resources Practices

Background Checks – Background checks are conducted for personnel with access to production infrastructure prior to their start date. The consequences of problematic background check results may range from a limitation of security privileges, to revocation of employment offer, to termination.

Training – The security team maintains a company-wide security awareness program delivered to all personnel at least annually. The program covers security awareness, policies, processes, and training to ensure that personnel are sufficiently informed to meet their obligations. Those most responsible for maintaining security at alignVu, including the security team itself as well as key engineering/operations staff, undergo more technical continuing education.

Separation – In the case of personnel termination or resignation, the security team coordinates with human resources to implement a standardized separation process to ensure that all accounts, credentials, and access of outgoing employees are reliably disabled.

Physical Office Environment

Access to alignVu offices is mediated by a staffed front office and programmable door control access. All doors shall remain locked or staffed under normal business conditions. The security team may provide approval to unlock doors for short periods of time in order to accommodate extenuating physical access needs.

Internet-based security cameras are positioned to record time-stamped video of ingress/egress, which is stored off-site.

Office Network

Internet access shall be provided to devices via wired ethernet and WPA2 wifi. Networking switches and routers shall be placed in a locked networking closet with only the security team having access. alignVu executives and the security team may grant access to the networking closet to individuals on a case-by-case and as-needed basis. A network firewall that blocks all WAN-sourced traffic shall be put in place. WAN-accessible network services shall not be hosted within the office environment.

How does alignVu define, control, and maintain user identity and permissions for personnel?

Staff User Accounts and Authentication

Each individual having access to any alignVu controlled system does so via an account denoting their system identity. Such user accounts are required to have a unique username, a unique strong password of at least 8 characters, and a two-factor authentication (2FA) mechanism.

Logging into alignVu Systems

Logins by personnel may originate only from alignVu-managed devices. Authentication is performed by Google’s account management system for registration and by the alignVu portal for subscription, details of which can be found at https://gsuite.google.com/security. alignVu leverages G Suite’s facilities for detecting malicious authentication attempts. Repeated failed attempts to authenticate may result in the offending user account being locked or revoked.

Logging into Third Party Systems

Whenever available, third-party systems must be configured to delegate authentication to alignVu’s account authentication system (described above), thereby consolidating authentication controls into a single user account system that is centrally managed by the security team. This enforces the creation of unique strong passwords, which are stored in the alignVu-approved password management system. Passwords must be paired with two-factor/MFA authentication.

Revocation and Auditing of Subscriber Accounts

Subscriber accounts are revoked (that is, disabled but not deleted) immediately upon personnel separation. As a further precaution, all user accounts are audited at least quarterly, and any inactive user accounts are revoked.

Access Management

alignVu adheres to the principle of least privilege, and every action attempted by a user account is subject to access control checks.

Role-based Access Control

alignVu employs a role-based access control (RBAC) model that facilitates organizational units, user accounts, user groups, and sharing controls.

Web Browsers and Extensions

alignVu may require use of a specified web browser(s) for normal business use and for access to corporate data such as email. For certain specified roles such as software development and web design, job activities beyond those mentioned above necessitate the use of a variety of browsers, and these roles may do so as needed for those activities.

Any browser that is allowed to access corporate data such as email is subject to a whitelist-based restriction on which browser extensions can be installed.

Administrative Access

Access to administrative operations is strictly limited to security team members and further restricted still as a function of tenure and the principle of least privilege.

Regular Review

Access control policies are reviewed regularly with the goal of reducing or refining access whenever possible. Changes in job function by personnel trigger an access review as well.

Termination

Upon termination of personnel, whether voluntary or involuntary, the security team will follow alignVu’s personnel exit procedure, which includes revocation of the associated user account and reclamation of company-owned devices, office keys or access cards, and all other corporate equipment and property prior to the final day of employment.

How does alignVu build, adopt, configure, and maintain technology to fulfil its security intentions?

Software Development

alignVu stores source code and configuration files in private GitHub repositories. The security and development teams conduct code reviews and execute a static code analysis tool on every code commit. Reviewers shall check for compliance with alignVu’s conventions and style, potential bugs, potential performance issues, and that the commit is bound to only its intended purpose.

Security reviews shall be conducted on every code commit to security-sensitive modules. Such modules include those that pertain directly to authentication, authorization, access control, auditing, and encryption.

All major pieces of incorporated open source software libraries and tools shall be reviewed for robustness, stability, performance, security, and maintainability.

The security and development teams shall establish and adhere to a formal software release process.

Sensitive data which does not need to be decrypted (e.g. passwords) is salted and hashed using approved functions such as Bcrypt.

Sensitive data which must be decrypted (e.g. tokens) must use an approved encryption provider for HSM functions, such as KMS.

Configuration and Change Management

The alignVu security and development teams shall document the configuration of all adopted systems and services, whether hosted by alignVu or by a third party. Industry best practices and vendor-specific guidance shall be identified and incorporated into system configurations. All configurations shall be reviewed on at least an annual basis. Any changes to configurations must be approved by appointed individuals and documented in a timely fashion.

System configurations must address the following controls in a risk-based fashion and in accordance with the remainder of this policy:

  • data-at-rest protection encryption
  • data-in-transit protection of confidentiality, authenticity, and integrity for incoming and outgoing data
  • data and file integrity
  • malware detection and resolution
  • capturing event logs
  • authentication of administrative users
  • access control enforcement
  • removal or disabling of unnecessary software and configurations
  • allocation of sufficient hardware resources to support loads that are expected at least twelve months into the future.
  • production data is not used in development or test systems.

alignVu and the Attain Group take security and compliance seriously and understand their significance to both customers and partners. For this reason, all alignVu services have certifications with the AICPA’s SOC for Service Organizations, SOC 2 Type II and SOC 3.

alignVu utilises Amazon Web Services (AWS) as its cloud-based application service provider and leverages AWS’ security and compliance controls for data centre physical security and cloud infrastructure. Further resources for this service provider can be found on the AWS Security Cloud website.

The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:

  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

Benefits of AWS Security

  • Keep Your Data Safe: The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centres.
  • Meet Compliance Requirements: AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.
  • Save Money: Cut costs by using AWS data centres. Maintain the highest standard of security without having to manage your own facility.
  • Scale Quickly: Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.
