
Security

Secure by default

Avo touches your most sensitive surface: the internal tools with the keys to everything. We treat the security and integrity of that data as first-class work, not an afterthought. Here is how we think about it on both sides: the framework that runs inside your app, and AvoHQ.io where you manage your account.

Avo, the framework

The gem that runs inside your Rails app. Security here is about keeping your data in your hands and making sure access is gated correctly.

Your data never leaves your app
Avo runs inside your own Rails application, against your own database. The records you manage stay in your infrastructure, under your controls. No customer data is ever shipped to us. We collect only anonymous telemetry and usage stats about how Avo itself is used so we can improve it, never the contents of your database.
Safe by default authorization
The Authorization add-on runs through Pundit policies you already trust. With explicit authorization on, anything you have not deliberately allowed is denied, so a policy you forgot to write locks a record down instead of leaving it open. You whitelist what each role can do rather than trying to blacklist everything you missed.
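The deny-by-default behaviour described above, as an added example that is not Avo's or Pundit's own code: a Pundit-shaped policy and a small resolver that treats a predicate the policy never defined as denied when explicit authorization is on, and as allowed when it is off. The `PostPolicy` class, the `User` and `Post` structs and the `explicit:` flag are assumptions made for the illustration.

```ruby
# Added example (not Avo's own code): a Pundit-shaped policy plus a small
# resolver showing why "explicit" (deny-by-default) authorization is safer
# than allow-by-default. Plain Ruby; no Pundit or Avo dependency.
# User and Post are constructed sample types.
User = Struct.new(:id, :role)
Post = Struct.new(:id, :author_id)

# A policy in Pundit's shape: initialize(user, record) and one predicate per
# action. destroy? is deliberately left undefined to show what a forgotten rule does.
class PostPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def index?
    true
  end

  def show?
    true
  end

  # Only the record's author or an admin may edit it.
  def update?
    user.role == :admin || record.author_id == user.id
  end
end

# Resolve one action for one user against a policy class.
# explicit: true  -> a predicate the policy does not define is DENIED
# explicit: false -> the same missing predicate is silently ALLOWED
# Only a literal true counts as permission; nil or a truthy object does not.
def authorized?(policy_class, user, record, action, explicit: true)
  policy = policy_class.new(user, record)
  predicate = :"#{action}?"
  return !explicit unless policy.respond_to?(predicate)

  policy.public_send(predicate) == true
end

# Walk a whole action list and return only the actions a user may perform,
# which is what a UI would use to decide which buttons to render.
def permitted_actions(policy_class, user, record, actions, explicit: true)
  actions.select { |a| authorized?(policy_class, user, record, a, explicit: explicit) }
end
```

Under `explicit: false` the forgotten `destroy?` lets every user delete the record; under `explicit: true` the same omission denies it for everyone, including admins, until someone writes the rule.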
Integrity down to the field
Authorization reaches every nook and cranny: resources, actions, associations, file fields, search, reorder, and preview each get their own check. The same rules gate the sidebar, the buttons, and the records, so what a user can see and change stays consistent everywhere.
Audit logging
Know who did what. Audit logging records the actions taken in your admin, so changes to your data are traceable and you have an accountability trail when something looks off.
Built and reviewed by people
We use LLMs to move faster, but every release is designed, reviewed, and owned by the core team. Access control is the code you cannot afford to get subtly wrong, so it is engineered and hardened across many real apps, not generated and left alone.
No black box, no lock-in
Avo is conventional Rails. When you hit the edge of what is provided you drop down to plain Ruby instead of trusting a vendor's closed implementation. You can read, audit, and extend exactly what runs in your app.
Battle-tested across many teams
Avo runs in the admin panels of many teams, where it is exercised well past any single app's happy path. That breadth means edge cases and security issues surface and get caught faster than they would in a one-off build that only your team ever runs.
Bugs are in our back yard
When a security issue is found, it is our code in our domain. We fix it once and ship the fix to everyone, instead of you patching a permission layer you wired by hand.

AvoHQ.io

Our hosted site, where you buy and manage licenses and your account. Security here is about handling the little we hold on you with care.

We collect as little as we can
Your AvoHQ.io account holds what we need to run your license and billing: your account details, the licenses you own, and your usage of the site. We do not need or want a copy of the data inside your own Avo app.
Payments handled by Stripe
Checkout and subscriptions run through Stripe. Card details go straight to Stripe and are never stored on our servers, so the most sensitive part of billing sits with a dedicated, PCI-compliant provider.
Encrypted in transit
Every connection to AvoHQ.io is served over HTTPS, so traffic between your browser and the site is encrypted in transit.
Scoped access to your account
Account membership and roles decide who on your team can see licenses, manage billing, and invite others. Access to your account data is gated the same way we expect you to gate your own.
Report something
Found a vulnerability or have a security question? Email us and we will get back to you quickly. We would rather hear about it from you than read about it later.