Infrastructure Security
Defense in depth
Encryption at Rest
All data encrypted with AES-256. Keys managed via HSM.
Encryption in Transit
TLS 1.3 for all communications. Certificate pinning available.
Access Controls
Role-based access with MFA. SSO via SAML and OIDC.
Audit Logging
Immutable logs of all actions. Exportable for compliance.
Network Security
VPC isolation, WAF protection, DDoS mitigation.
Data Residency
Choose your region: US, EU, or APAC. Self-hosted option.
Compliance
Certifications & standards
SOC 2 Type II
In ProgressSecurity, availability, and confidentiality controls
GDPR
CompliantEU data protection requirements
CCPA
CompliantCalifornia consumer privacy
ISO 27001
PlannedInformation security management
Security Practices
How we stay secure
Security is a continuous process, not a checkbox. We invest heavily in proactive security measures.
- Regular penetration testing by third-party security firms
- Bug bounty program for responsible disclosure
- Security-focused code reviews for all changes
- Automated vulnerability scanning in CI/CD
- Employee security training and background checks
- Incident response plan with 24/7 on-call rotation
Security questions or concerns?
Our security team is available to discuss your requirements, provide documentation, or address any concerns.