Security & Data Protection
Enterprise-grade security for the Avantwerk platform
Effective Date: 1 February 2026Your data security matters to us. The Avantwerk platform is built on enterprise-grade infrastructure with robust encryption, access controls, and compliance features to help protect your information and your customers' data.
Contents
1. Security Framework
The Avantwerk platform is built secure from the ground up, with multiple layers of protection across data, access, and infrastructure.
Data Protection
Multiple layers of protection ensure your data remains secure at all times:
- AES-256 encryption at rest
- TLS 1.2/1.3 encryption in transit
- GDPR-compliant data transfers (Standard Contractual Clauses)
- EU-U.S. Data Privacy Framework certified
Access Control
Granular controls ensure only authorised users access sensitive data:
- Role-Based Access Control (RBAC)
- Two-Factor Authentication (2FA)
- Complete audit logs
- Automatic session timeouts
Infrastructure
Hosted on enterprise-grade certified cloud providers with built-in redundancy:
- Google Cloud Platform & AWS (SOC 2, ISO 27001)
- 99.5%+ uptime guarantee
- Daily encrypted backups
- 24/7 threat monitoring
2. Regulatory Compliance
The Avantwerk platform maintains compliance with major regulatory frameworks through certified infrastructure providers and internal policies.
GDPR
EU General Data Protection Regulation compliance enabled
ISO 27001
Certified infrastructure providers (Google Cloud, AWS)
SOC 2 Type II
Certified infrastructure providers (Google Cloud, AWS)
DPA
Data Processing Agreement available for all partners
3. Encryption
We use the same encryption standards trusted by governments, banks, and Fortune 500 companies to protect your most sensitive data.
AES-256 Encryption at Rest
All stored data is encrypted using Advanced Encryption Standard with 256-bit keys.
TLS 1.2/1.3 Encryption in Transit
All data transmission uses Transport Layer Security with 2,048-bit keys or better.
Secure Key Management
Encryption keys are stored separately from encrypted data and rotated regularly according to industry best practices.
4. Cloud Infrastructure & Data Transfers
Enterprise-grade cloud hosting with GDPR-compliant international data transfer mechanisms.
Google Cloud & AWS (US)
Primary platform infrastructure hosted on certified providers. SOC 2 Type II and ISO 27001 certified.
Data Transfer Compliance (EU)
GDPR-compliant transfers via Standard Contractual Clauses (SCCs). EU-U.S. Data Privacy Framework certified.
Bennovate Operations (PL)
Partner data and operations managed from Poland (EU). EU entity with native GDPR compliance.
5. Sub-Processors
The following third-party sub-processors may process data on behalf of Bennovate in the delivery of Avantwerk platform services:
| Sub-Processor | Purpose | Location |
|---|---|---|
| HighLevel (GoHighLevel) | Core platform infrastructure | United States |
| Google Cloud Platform (GCP) | Cloud hosting and data storage | United States / Global |
| Amazon Web Services (AWS) | Cloud hosting and data storage | United States / Global |
| Mailgun (Sinch AB) | Transactional email delivery | United States / EU |
| Twilio | SMS and voice communications | United States |
| Stripe | Payment processing | United States / Global |
| Cloudflare | CDN, DDoS protection, DNS | Global |
Data transfer safeguards: All sub-processors with operations outside the EU/EEA operate under Standard Contractual Clauses (SCCs) and/or are certified under the EU-U.S. Data Privacy Framework to ensure GDPR-compliant international data transfers.
6. Incident Response
Our comprehensive incident response protocol ensures rapid detection, containment, and resolution of any security events.
| Phase | Description | Timeframe |
|---|---|---|
| Detection | 24/7 automated monitoring and threat detection systems | Immediate |
| Response | Immediate investigation and threat containment | < 1 Hour |
| Notification | GDPR-compliant breach notification to affected parties | < 72 Hours |
| Resolution | Complete incident reports and remediation plans | Full Report |
7. GDPR Data Subject Rights
We respect and uphold all data subject rights under the General Data Protection Regulation (GDPR).
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct any inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data.
Right to Portability
Receive your data in a machine-readable format.
Right to Restrict
Limit how we process your personal data.
Right to Object
Object to certain types of data processing.
Automated Decisions
Right not to be subject to automated decision-making.
Withdraw Consent
Withdraw consent at any time without penalty.
To exercise any of these rights, please contact us at [email protected] or [email protected]. We will respond to your request within 30 days.
8. Important Compliance Information
Disclaimer: While Avantwerk provides features and security measures designed to help you achieve GDPR and other regulatory compliance, use of the platform alone does not automatically make your business compliant. You are responsible for ensuring your own compliance with applicable data protection laws, including how you collect, process, and store personal data.
We recommend consulting with qualified legal counsel to understand your specific compliance obligations. The security certifications referenced (ISO 27001, SOC 2 Type II) apply to our infrastructure providers (Google Cloud Platform and Amazon Web Services).
9. Security Documentation
The following security and compliance documents are available upon request:
- Security & Compliance Overview — Summary of our security posture and compliance certifications
- Data Processing Agreement (DPA) — Standard DPA for partners and customers processing personal data
- GDPR Compliance Guide — Guidance on using Avantwerk in a GDPR-compliant manner
- Sub-Processors List — Current list of all third-party sub-processors
To request any of these documents, please contact [email protected].
10. Contact Us
If you have any questions about our security practices, compliance certifications, or data protection measures, please get in touch.
Get in Touch
Our security team is available to answer your questions and provide additional documentation.
Future of Intelligent Solutions.
We develop and scale AI-powered platform Avantwerk that transforms how companies grow.
Partnerships
Resources
Company
© 2026. Avantwerk. All rights reserved.
"Bennovate presents Avantwerk — The All-in-One AI Business Platform"