[SYS_SEC]

Security Specification

Security & Compliance

No marketing. Technical specifications only.


[SEC_ENC]

Encryption Standard

AES-256-GCM

All data encrypted at rest and in transit. Key rotation every 90 days. HSM-backed key storage.

Algorithm: AES-256-GCM (Galois/Counter Mode)
Key Length: 256-bit
Key Rotation: 90-day automatic rotation
Key Storage: HSM-backed (FIPS 140-2 Level 3)
In Transit: TLS 1.3 with Perfect Forward Secrecy
Certificates: Let's Encrypt with OCSP Stapling

[SEC_GDPR]

GDPR Compliance

Full EU General Data Protection Regulation compliance. Data processing agreements executed before any data handling.

Lawful Basis: Explicit consent + Legitimate interest
Minimization: Collect only what is necessary
Erasure: Automated deletion within 72h of request
DPO: Designated Data Protection Officer
Breach: 72-hour breach notification protocol
DPIA: Data Protection Impact Assessment for high-risk processing

[SEC_ZDR]

Zero-Data Retention

Client data is never persisted beyond the active processing window. All intermediate data is cryptographically wiped.

Processing: In-memory only, no disk writes
Cleanup: Cryptographic erasure (DoD 5220.22-M)
Logging: Zero PII in application logs
Backups: Client data excluded from backup scope
Audit: Quarterly third-party retention audit

[SEC_SOC2]

SOC 2 Type II Alignment

Controls aligned with AICPA SOC 2 Trust Service Criteria across all five principles.

Security
Availability
Processing Integrity
Confidentiality
Privacy

[SYS_COMM]

Request a Compliance Review

Need enterprise-grade security for your system? Let us assess your requirements.
