Security Is Our Foundation

As a compliance platform, we hold ourselves to the highest security standards. Here's how we protect your data.

  • SOC 2 Type II: Compliant
  • AES-256: Encryption at Rest
  • TLS 1.3: Encryption in Transit
  • 99.9%: Uptime SLA

How We Protect Your Data

Data Encryption

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption for all data in transit
  • Customer-managed encryption keys (Enterprise)
  • Encrypted database connections via SSL/TLS

Tenant Isolation

  • Complete data isolation between tenants
  • Row-level security policies on all database queries
  • Separate encryption scopes per tenant
  • Isolated processing pipelines for compliance scans

Cloud Infrastructure

  • Hosted on AWS with multi-AZ redundancy
  • Serverless architecture with automatic scaling
  • Private VPC networking with no public database access
  • AWS WAF and Shield for DDoS protection

Access Controls

  • Role-based access control (RBAC) with multiple roles
  • Two-factor authentication (TOTP) with backup codes
  • Session management with automatic token rotation
  • Audit logging of all authentication events

Audit Logging

  • Immutable audit trails for all platform actions
  • Compliance scan history with full result archives
  • User activity logging with IP tracking
  • Data access logging for sensitive operations

Vulnerability Management

  • Regular vulnerability scanning of all infrastructure
  • Automated dependency scanning with Dependabot
  • Penetration testing conducted annually
  • Responsible disclosure program for security researchers

Have a Security Question?

Our security team is available to discuss your requirements and answer questions.
