Trust & Safety

Security

How Secberus protects your data and maintains the trust of the organizations that rely on us.

Vulnerability Reporting

Found a security issue? Please report it to our security team at security@secberus.com with detailed information and supporting evidence so we can investigate promptly.

Compliance

Secberus has achieved SOC 2 Type II certification. SOC 2 is part of the Service Organization Control reporting framework from the American Institute of CPAs (AICPA). The framework provides assurance about the effectiveness of controls relevant to security, availability, processing integrity, confidentiality, and privacy.

  • Regular security reviews of architecture and critical code
  • Production environment isolated from development, testing, and staging
  • Customer data confined exclusively to production
  • All code changes require review and approval by at least one person

Infrastructure

We implement redundancy through failover systems, content delivery networks, load balancing, and standby replicas. Business Continuity and Disaster Recovery Plans are reviewed annually. Third-party monitoring services track system performance and health continuously.

Application & Data

Architecture & Access

  • Web application and API designed following OWASP guidelines
  • Permissions based on user context and role
  • Single Sign-On with automatic provisioning
  • Role-Based Access Control (RBAC) support
  • Encrypted secrets and API tokens at rest

Data Protection

  • TLS/HTTPS encryption and HSTS enforced for all data in transit
  • AWS storage with nightly encrypted database backups
  • Need-to-know access principle applied across all systems
  • Production AWS access restricted to select employees with two-factor authentication
  • Customer data deleted per Terms of Service upon contract termination

Employee Security

Training & Screening

  • Background screenings required before employment
  • Regular security and privacy awareness training for all staff

Workstation Security

  • Remote management via secure Mobile Device Management (MDM)
  • Disk encryption enforced on all devices
  • Remote wipe capability for lost or stolen equipment