🔒 ENTERPRISE SECURITY

Security & Privacy
Built for Trust

Your data security is our highest priority. We employ enterprise-grade security measures, encryption, and compliance frameworks to protect your sensitive threat intelligence.

CSA STAR

Level 1

TLS 1.3

Encryption

MFA

Required

ISO 27001

Aligned

GDPR

Compliant

Security Features

Multi-layered security architecture protecting your threat intelligence data

End-to-End Encryption

All data in transit protected with TLS 1.3. Data at rest encrypted using AES-256.

TLS 1.3 for all API communications
AES-256 encryption for stored data
Encrypted database backups
Secure credential storage with bcrypt

Data Processing & Storage

Enterprise-grade PostgreSQL infrastructure with automated backups and redundancy.

PostgreSQL 15+ with row-level security
Daily automated backups with 30-day retention
Geographic redundancy for disaster recovery
Strict access controls and audit logging

Authentication & Access Control

Multi-factor authentication and role-based access with enterprise SSO support.

Mandatory MFA for all organization users
OAuth 2.0 SSO (Google, GitHub, Microsoft, LinkedIn)
JWT tokens with secure rotation
Role-based permissions (Owner, Admin, Security Manager, Analyst, Viewer)

Privacy by Design

GDPR-compliant data handling with user privacy at the core of our architecture.

Minimal data collection principle
User data deletion on account termination
No third-party data selling or sharing
Transparent data processing disclosure

Infrastructure Security

Cloud-native architecture with industry-standard security practices.

Rate limiting and DDoS protection
Web Application Firewall (WAF)
Regular security patches and updates
Network segmentation and isolation

Compliance & Certifications

CSA STAR Level 1 certified with GDPR-compliant data processing.

CSA STAR Level 1 - Self-Assessment (Certified)
GDPR compliant data processing
Industry-standard security practices
Regular security assessments
Documented incident response procedures

Data Flow

Transparent data processing from collection to secure delivery

Data Collection

Threat intelligence gathered from public sources, dark web, and security feeds

Processing

Data processed, normalized, and enriched with AI-powered analysis

Storage

Encrypted storage in secure PostgreSQL database with access controls

Delivery

Secure API delivery with TLS encryption and authentication

Compliance & Data Protection

Committed to the highest standards of data protection and regulatory compliance

Data Processing Agreement (DPA)

We act as a data processor for customer data, with clear contractual obligations:

Process data only on customer instructions
Maintain appropriate technical and organizational security measures
Assist with data subject requests (access, deletion, portability)
Notify customers of data breaches within 72 hours
Delete or return data upon contract termination

GDPR Compliance

Full compliance with EU General Data Protection Regulation:

Legal basis for processing: Legitimate interest and contract performance
Data minimization - only collect necessary information
Right to access, rectification, erasure, and data portability
Data protection impact assessments for high-risk processing
EU-based data processing available for EU customers

Data Retention

Clear policies for data lifecycle management:

Threat intelligence data: Retained for platform effectiveness
User account data: Deleted within 30 days of account closure
Audit logs: 90-day retention for security monitoring
Backups: 30-day retention with secure deletion
Customers can request data deletion at any time

Questions About Security?

Our security team is here to answer your questions and provide documentation

Security & PrivacyBuilt for Trust