Security
Built to withstand an audit.
Every access decision, every record change, and every export in Avikto is defensible. Security is not a layer added on top — it is how the platform works.
Need-to-know access, enforced at the data layer.
Access controls run server-side, not in the UI. Permissions are inherited from roles and narrowed per case. What you see in this matrix is exactly what the system enforces.
| Role | View case | Edit case | Add evidence | Export records | Manage access | Delete case |
|---|---|---|---|---|---|---|
| Case Owner | ||||||
| Investigator | ||||||
| Reviewer | ||||||
| Auditor | ||||||
| Guest | ||||||
Access & Identity
Role-based access control
Permissions are assigned by role and narrowed per case. Least-privilege is the default.
Case-level access grants
Access is explicit per case. An investigator on one case cannot see another unless granted.
SSO — SAML 2.0 / OIDC
Connect your identity provider. All authentication flows through your IdP.
SCIM provisioning
User lists stay synchronized. Deprovisioning is immediate.
Data & Storage
Data residency
Choose where case data is stored. Regional isolation available for GDPR and sector-specific mandates.
Encryption at rest and in transit
AES-256 at rest. TLS 1.2+ in transit. No exceptions.
Retention policies
Define retention schedules by case type, jurisdiction, and regulation. Purge with an auditable record.
Redaction controls
Sensitive fields can be redacted from non-owners, even within the same team.
Audit & Evidence
Tamper-evident audit trail
Every action is an immutable, attributed, time-stamped entry. Nothing can be silently edited.
Change versioning
All record changes are versioned. Prior versions are preserved and attributable.
Legal hold
Records under legal hold are exempt from retention purge until the hold is lifted and documented.
One-click export
Full chain-of-custody record exported as PDF or CSV, formatted for regulators and legal teams.
Certifications — placeholders, audits in progress
The following certifications are in process. Placeholder indicators are shown for visibility. Do not rely on these for compliance decisions until formal certification is confirmed.
SOC 2 Type II
Audit in progress
(placeholder)
ISO 27001
Certification in progress
(placeholder)
GDPR
DPA available on request
(placeholder)
HIPAA Ready
BAA available on request
(placeholder)
See Avikto on your cases.
We walk through the full lifecycle using case types your team actually handles — intake, routing, investigation, and export.
No sales pitch. No deck. A working demo on your use case.