Trust and Security
Aleverum™ is being built as a trusted product intelligence platform for evidence-backed Digital Product Passports, verification workflows, supplier data, audit trails, and enterprise product governance.
Security, privacy, data integrity, and controlled platform operations are central to how Aleverum™ is being developed. Our approach combines secure software delivery practices, managed Laravel Cloud infrastructure, role-based access, structured evidence workflows, and compliance-aware governance.
Aleverum™ is hosted on Laravel Cloud infrastructure. Laravel Cloud has achieved SOC 2 Type 2 attestation for Security, Confidentiality, and Availability, while ISO 27001 is listed by Laravel as part of its future compliance roadmap.
Aleverum™ itself does not claim independent ISO 27001, SOC 2, or ISO 9001 certification unless formally audited and certified.
1. Platform Security
Aleverum™ is designed to support secure handling of product records, supplier evidence, sustainability claims, certification data, verification workflows, and enterprise product intelligence.
The platform is being developed with security controls that support:
- Role-based access control
- Controlled user permissions
- Secure authentication workflows
- Audit trails for important platform activity
- Evidence and document governance
- Supplier and verifier workflow separation
- Controlled access to sensitive product and compliance data
- Secure data handling across product, supplier, and verification records
This helps organisations manage product data in a more structured, traceable, and accountable way.
2. Infrastructure & Hosting
Aleverum™ uses Laravel Cloud infrastructure to support secure, scalable, and managed application hosting.
Laravel Cloud is described by Laravel as a fully managed infrastructure platform for deploying and scaling Laravel applications, including managed compute, databases, key-value storage, file/object storage, zero-downtime deployments, and scaling capabilities.
For enterprise environments, Aleverum™ may leverage Laravel Private Cloud options. Laravel describes Private Cloud as a fully isolated environment operated end-to-end by Laravel, designed to provide the control, security, and compliance posture of enterprise-ready infrastructure.
This infrastructure approach supports:
- Managed application hosting
- Isolated deployment options
- Controlled infrastructure access
- Scalable platform performance
- Stronger data-governance foundations
- Enterprise-ready hosting options
- Reduced operational burden for internal engineering teams
3. Software Delivery & Change Control
Aleverum™ is developed using controlled software delivery practices to support traceable, standardised, and auditable platform updates.
Our development and deployment workflow may include:
- Version-controlled source code management
- Structured CI/CD release processes
- GitHub Actions
- Laravel Cloud deployments
- Controlled release management
- Deployment traceability
- Review and testing before production changes
- Standardised development workflows
These practices help reduce unmanaged change, support operational consistency, and provide a stronger foundation for enterprise security and governance.
4. Privacy & Data Protection
Aleverum™ is being developed with privacy-aware product data governance in mind.
The platform is intended to support structured handling of product, supplier, certification, evidence, and verification-related data. This includes controls and workflows that can assist customers with managing access, transparency, documentation, and data accountability.
Aleverum™ is aligning its privacy and data-governance approach with applicable privacy and data-protection requirements, including GDPR, CCPA, and other relevant privacy obligations.
Privacy-related considerations include:
- Controlled access to sensitive records
- Structured evidence and document handling
- Audit trails for key actions
- Data minimisation where appropriate
- Purpose-based data collection
- Secure storage and access management
- Support for customer data-governance obligations
- Privacy-aware supplier and verification workflows
Laravel’s enterprise material also states that Laravel Cloud supports GDPR and CCPA compliance obligations; however, Aleverum™ still requires its own privacy policy, operational controls, data-processing processes, and customer agreements to support its own privacy obligations.
5. Audit Trails & Evidence Governance
Aleverum™ is built around the principle that product data should be evidence-backed, structured, and traceable.
The platform is designed to help organisations connect product records with supporting evidence, certifications, lifecycle information, sustainability claims, supplier inputs, verification outcomes, and governance documentation.
Aleverum™ supports evidence governance through:
- Product-level evidence records
- Supplier-submitted documentation
- Certification and standards records
- Sustainability and compliance claim support
- Verification workflow tracking
- Audit trail visibility
- Structured document association
- Evidence-backed product intelligence
- Review and approval workflows
This allows organisations to move beyond static product disclosure and toward trusted, machine-readable product data ecosystems.
6. Compliance Alignment
Aleverum™ is being developed with enterprise-readiness and compliance alignment in mind.
Aleverum™ does not claim independent certification under ISO 27001, SOC 2, ISO 9001, HIPAA, GDPR, or CCPA unless formally audited, certified, or legally assessed.
However, our platform governance and operational roadmap are being aligned with recognised security, privacy, quality, and governance frameworks, including:
- ISO/IEC 27001 for information security management alignment
- SOC 2 for security, availability, and confidentiality control alignment
- ISO 9001 for quality management process alignment
- GDPR for EU privacy and data-protection obligations
- CCPA for California privacy obligations
- Applicable Australian privacy and data-protection requirements
Laravel Cloud has achieved SOC 2 Type 2 attestation for Security, Confidentiality, and Availability. Laravel’s compliance documentation also states that ISO 27001 is a future compliance roadmap initiative.
This means Aleverum™ can reference Laravel Cloud’s infrastructure-level assurance, but Aleverum™ must still maintain its own application-level security controls, policies, operational procedures, legal documentation, and customer data-governance processes.
7. Responsible Disclosure / Security Contact
Aleverum™ takes platform security seriously.
Security researchers, customers, partners, and users who identify a potential vulnerability or security concern are encouraged to contact our team directly.
Security contact:
security@aleverum.com
Please include:
- A clear description of the issue
- Steps to reproduce the concern, where possible
- The affected page, workflow, endpoint, or account type
- Screenshots or supporting information, if relevant
- Your contact details for follow-up
We ask that security concerns be reported responsibly and not publicly disclosed before Aleverum™ has had an opportunity to investigate and respond.
FAQ
Is Aleverum™ ISO 27001 certified?
Not at this stage, unless formally confirmed. Aleverum™ is aligning its internal security governance with ISO/IEC 27001 principles, but it does not claim ISO 27001 certification unless independently audited and certified.
Is Aleverum™ SOC 2 certified?
Aleverum™ itself does not currently claim independent SOC 2 certification unless formally audited. However, Aleverum™ is hosted on Laravel Cloud infrastructure, and Laravel Cloud has achieved SOC 2 Type 2 attestation for Security, Confidentiality, and Availability.
Is Aleverum™ GDPR or CCPA compliant?
Aleverum™ is being developed with privacy-aware data governance and alignment with GDPR, CCPA, and applicable privacy obligations. Full compliance depends on Aleverum™'s own privacy policy, data-processing terms, operational procedures, customer configuration, and applicable legal requirements.
Does Laravel Cloud compliance automatically make Aleverum™ compliant?
No. Laravel Cloud provides important infrastructure-level assurance, but Aleverum™ must still maintain its own application-level controls, policies, security procedures, privacy documentation, customer agreements, and operational governance.