Security
As a security company, we take the protection of your data extremely seriously. Here's how we keep your information safe.
Encryption
- TLS 1.3 for all data in transit
- AES-256 encryption at rest
- Encrypted database backups
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication available
- Audit logging for all actions
Infrastructure
- EU data residency (GDPR compliant)
- Regular security audits
- DDoS protection
- Isolated scan environments per customer
- 24/7 infrastructure monitoring and alerting
Incident Response
- Documented incident response plan with defined SLAs
- Customer notification within 72 hours of confirmed breach (per GDPR)
- Post-incident review and remediation for every event
Data Retention & Privacy
- Minimal data collection — only what's needed to provide the service
- Scan results auto-deleted after retention period or on request
- We never sell, share, or monetize your data
Compliance
- GDPR compliant — EU data processing and storage
- NIS2-aligned security controls and reporting
- SOC 2 Type II certification planned for 2026
Security Testing
- Regular penetration testing of our own platform
- Automated SAST/DAST in our CI/CD pipeline
- Continuous dependency vulnerability scanning
Personnel Security
- Mandatory security awareness training for all staff
- Least-privilege access model across all systems
- Background checks for employees with data access