Security and compliance at Ably

• 256-bit AES encryption available using your private key, meaning no one, even Ably, can read your messages without your private key.

• All client-to-server communication is secured by TLS by default ensuring server-to-server communication is always secure.

• We can detect and deny invalid connection attempts at the edge of our network ensuring our core infrastructure is unaffected.

• Our near-limitless scale means we can mitigate huge increases in traffic and defend against DDoS attacks - so you benefit from our scale as attacks have no effect on your own servers.

• Low TTLs on DNS routing means we can route real users away from data centres under attack.

• We rate limit requests by account, app, token, key and IP address.

• Token-based authentication, including JWT support, ensures API keys remain private, and compromised tokens have limited value because of their expiration.

• Support for basic authentication over TLS connections for authentication convenience.

• Security policies can be assigned to authentication tokens when you create them, giving you control and peace of mind at all times.

• Rights can be assigned to API key(s) - giving you control over any API key(s) you share with 3rd parties.

• Policies can assign privileges to access any number of channels, and assign rights to subscribe, publish, register presence, or access statistics.

Ably regularly completes audits of our product, infrastructure, and policies to the satisfaction of the SOC 2 Type 2 standard.

Ably offers HIPAA BAA agreements to companies in the healthcare industry that must comply with regulations for safeguarding.

• Any usage of personal data is communicated with the proper consent.

• Personal data is properly collected, stored, and documented.

• Relevant processes are followed for transfers of personal data outside the European Union.

• For more information, see our data protection and privacy policies.

• Control routing of your data streams.

• Store data and realtime messages solely within the EU or US.