Data Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys managed via AWS KMS with automatic rotation.
AES-256 | TLS 1.3 | AWS KMS
SOC 2 Type II Certified
Independently audited and certified for Security, Availability, and Confidentiality trust service criteria. Report available under NDA.
SOC 2 Type II | Annual Audit | AICPA
GDPR & PDPA Compliant
Full compliance with GDPR (EU) and PIPEDA (Canada). Data residency options available: your data stays in your region.
GDPR | PDPA | Data Residency
Role-Based Access Control
Granular RBAC with custom roles, entity-level permissions, and field-level access controls. SSO via SAML 2.0 and OIDC.
RBAC | SAML 2.0 | OIDC / SSO
Immutable Audit Trail
Every action (data change, approval, login, export) is logged with timestamp, user, and IP address. Tamper-proof and exportable.
Immutable Log | Full History | Exportable
Network Security
Hosted on AWS with VPC isolation, WAF protection, DDoS mitigation, and private endpoints for ERP integrations. 99.9% SLA.
AWS VPC | WAF | DDoS Protection
Multi-Factor Authentication
MFA enforced for all users by default. Supports TOTP authenticator apps, hardware security keys (FIDO2/WebAuthn), and SMS fallback.
TOTP | FIDO2 / WebAuthn | SMS
Penetration Testing
Annual third-party penetration testing by CREST-certified security firms. Findings remediated within defined SLAs. Summary available on request.
CREST Certified | Annual Testing | CVE Tracking