Security & Compliance

Enterprise security. Regulatory compliance. Zero-trust architecture.

  • GDPR: EU General Data Protection Regulation
  • ISO 27001: Information Security Management
  • SOC 2 Type II: Security & Availability Controls

Data Protection

Full GDPR compliance. Annual third-party audits.

  • Standard Data Processing Agreements (DPA) with all customers
  • Full GDPR subject rights support: access, rectification, erasure, portability
  • Breach notification within 72 hours with root cause analysis
  • Designated Data Protection Officer with direct board access

Security Controls

Defense-in-depth with multiple protection layers.

  • TLS 1.3 enforced for all data in transit with certificate pinning
  • AES-256-GCM encryption at rest with customer-managed keys
  • Hardware security modules (HSM) for key management
  • Real-time SIEM with 24/7 Security Operations Center

Infrastructure Security

Physical Access

Mantrap entry with 24/7 armed security and multi-factor biometric authentication

Power Redundancy

N+1 redundant power with 72-hour diesel generator backup capacity

Fire Suppression

FM-200 clean agent suppression with VESDA early detection

Cooling Systems

Redundant precision cooling with N+1 CRAC units

Penetration Testing

Quarterly penetration testing by external security firms

Monitoring

Real-time SIEM with 24/7 Security Operations Center

Audit Reports

Enterprise customers can request the following compliance artifacts under NDA:

  • SOC 2 Type II audit report
  • ISO 27001 certificate
  • Penetration test summary
  • Business continuity plan
  • Disaster recovery plan
  • Security questionnaire

Request Documentation

Request documentation, audit reports, or a security review.