Research Project: This is a free AI research project. No warranties, SLAs, or company associations.

Security & Compliance

Enterprise Security Built for MSPs

Enterprise-grade infrastructure with end-to-end encryption, multi-tenant isolation, and comprehensive audit logging. Your clients trust you with their data. We help you keep that trust.

SOC 2 Type II: Aligned
GDPR: Aligned
ISO 27001: Roadmap
HIPAA: Roadmap

Certifications

Compliance & Certifications

Industry-recognized certifications and compliance standards

SOC 2 Type II Aligned

Our systems and processes follow SOC 2 Trust Services Criteria for security, availability, and confidentiality.

  • Controls aligned to SOC 2 security, availability, and confidentiality criteria
  • Continuous monitoring of security controls and access patterns
  • Comprehensive controls covering all aspects of data handling
  • Audit logging and compliance evidence collection
  • Pursuing formal certification - timeline available on request

GDPR Aligned

Controls and processes aligned with GDPR requirements for EU data protection and privacy.

  • Data Processing Agreements (DPA) available for all customers
  • Right to access, rectification, and erasure supported
  • Data portability in machine-readable formats
  • Records of processing activities maintained
  • 72-hour breach notification commitment

Security Controls

How We Protect Your Data

Multiple layers of security to ensure your MSP and client data stays safe

Data Encryption

At Rest and In Transit

In Transit: TLS 1.3 with forward secrecy for all connections
At Rest: AES-256-GCM encryption for all stored data
Key Management: Tenant-specific encryption keys with automatic rotation
Credentials: Zero-knowledge architecture - credentials never stored in plaintext

Multi-Tenant Isolation

Complete Data Separation

Database: Row-level security (RLS) policies on all tenant tables
API: Tenant-scoped authentication on every request
Infrastructure: Logical separation with no cross-tenant data access possible
Testing: Regular penetration testing validates isolation controls

Access Controls

Principle of Least Privilege

Authentication: SSO support, MFA required for all admin access
Authorization: Role-based access control (RBAC) with granular permissions
Session Management: Secure token handling with automatic expiration
Admin Access: Just-in-time access with full audit logging

Audit Logging

Complete Visibility

Coverage: Every action logged with user, timestamp, and context
Retention: Immutable audit logs retained for 12+ months
Export: Audit data exportable for compliance reporting
Alerting: Real-time alerts on suspicious activity patterns

Incident Response

Documented incident response procedures ensure rapid detection, containment, and recovery.

Detection (Minutes): 24/7 monitoring with automated anomaly detection
Containment (< 1 Hour): Immediate isolation of affected systems
Notification (< 72 Hours): Customer notification per GDPR requirements
Recovery (As Needed): Full restoration with root cause analysis

Additional Capabilities

  • Runbooks for common incident types
  • Regular tabletop exercises
  • Relationships with forensic experts
  • Cyber insurance coverage

Security Testing

Penetration Testing

Regular security assessments by independent experts validate our security controls.

Frequency: Annual third-party penetration tests
Scope: Full application and infrastructure testing
Methodology: OWASP Top 10 and PTES framework
Remediation: Critical findings patched within 24 hours
Validation: Re-testing confirms all findings resolved
Continuous: Automated vulnerability scanning daily

Latest Assessment

Our most recent penetration test was conducted by an independent security firm using industry-standard methodologies.

Critical: 0
High: 0
Remediated: 100%

Data Sovereignty

Data Residency Options

Choose where your data is stored to meet regulatory and compliance requirements.

Available Regions

United States (Default): DigitalOcean NYC/SF, Available
European Union: DigitalOcean AMS/FRA, Available
Canada: DigitalOcean TOR, Coming Soon
Australia: DigitalOcean SYD, Planned

Data Residency Guarantees

  • Data never leaves your selected region
  • All backups stored within the same region
  • Processing occurs in-region only
  • Meet local data sovereignty requirements

Need a specific region?
Contact us to discuss your data residency requirements.

Resources

Trust Center

Access our compliance documentation and security resources.

Security Controls Overview: Detailed security architecture and controls
Data Processing Agreement: Standard DPA for data protection
Security Whitepaper: Technical security architecture overview
Vulnerability Management: Approach to vulnerability detection and remediation
Subprocessor List: Current list of data subprocessors
Business Continuity Plan: BC/DR overview and RTO/RPO commitments

Security FAQ

Common questions about our security practices

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. We implement row-level security (RLS) in our database to ensure complete tenant isolation. Your data is backed up daily with point-in-time recovery capabilities. We never access your data except when explicitly authorized for support purposes.

Questions About Security?

Our security team is here to help. Request our SOC 2 report or schedule a security review call.