Security & Compliance

Enterprise-Grade Security for Your Data

Your product data, pricing, and customer information are your most sensitive assets. We protect them with SOC 2 certified infrastructure, encryption everywhere, and zero-trust architecture.

Certifications & Compliance

SOC 2 Type II

Certified

Independent audit confirms our controls for security, availability, and confidentiality meet AICPA standards.

GDPR Compliant

Compliant

Full compliance with EU General Data Protection Regulation including data processing agreements and right to erasure.

CCPA Compliant

Compliant

California Consumer Privacy Act compliance with transparent data handling practices and opt-out mechanisms.

How We Protect Your Data

Encryption

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Key management via AWS KMS
  • End-to-end encrypted data pipelines

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Single sign-on (SSO) via SAML 2.0
  • Audit logging for all access events

Data Handling

  • Data isolation per customer tenant
  • Automated data retention policies
  • Right to deletion on request
  • No training on customer data

Infrastructure

  • Deployed on AWS with multi-AZ redundancy
  • 99.9% uptime SLA for enterprise plans
  • Automated backups with point-in-time recovery
  • DDoS protection and WAF

Monitoring & Response

  • 24/7 security monitoring
  • Automated threat detection
  • Incident response plan with <4hr SLA
  • Regular penetration testing by third parties

Vendor Security

  • Third-party vendor risk assessments
  • Subprocessor agreements and monitoring
  • Annual security reviews of all partners
  • SOC 2 compliance required for critical vendors

Our Data Promise

Your data stays yours

We never use customer data to train our models. Your product data, pricing, and customer information are processed exclusively for your benefit.

Tenant isolation

Each customer's data is logically isolated in separate tenants. No cross-contamination of data between customers, ever.

Delete on request

Request full deletion of your data at any time. We comply within 30 days as required by GDPR and CCPA, with written confirmation.

Questions About Security?

We're happy to share our SOC 2 report, complete a vendor security questionnaire, or discuss your specific compliance requirements.