Security & Compliance
Your data security is our foundation
We don't treat security as a checkbox. It's built into every layer of our platform — from how we handle data to how we respond to incidents.
Data Handling
- All data encrypted at rest using AES-256 encryption
- TLS 1.3 for all data in transit
- Data stored in SOC 2 certified US-based data centers
- Automatic backups with 30-day retention
- Data isolation between tenant accounts
- PII is tokenized and stored separately from operational data
Compliance Scope
- SOC 2 Type II certified (annual audit)
- GDPR compliant for EU data subjects
- CCPA compliant for California residents
- Fair Housing Act compliant verification processes
- PCI DSS compliant payment processing
- Regular third-party penetration testing
Internal Controls
- Role-based access control (RBAC) for all employees
- Multi-factor authentication required for all internal systems
- Quarterly access reviews and privilege audits
- Security awareness training for all team members
- Background checks for all employees with data access
- Principle of least privilege enforced across infrastructure
Incident Response
- 24/7 security monitoring and alerting
- Documented incident response plan with defined SLAs
- Notification within 72 hours for data breaches (GDPR requirement)
- Post-incident review and remediation process
- Regular incident response drills and tabletop exercises
- Dedicated security team with on-call rotation