Data Protection

Security Controls

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Secrets isolation; per-tenant key vaults; role-based access with audit trails.
• SSO/SAML/OAuth2 and mandatory MFA for console access.

Storage & Retention

• Data region pinned per contract; backups retained for 30–90 days.
• Customer can request export or deletion at any time; deletion SLA 30 days.

Sub-processors

Sub-processors (if any) and regions will be listed in the Master Service Agreement and updated change-log.

Breach Notification

In the event of a confirmed incident affecting customer data, we notify primary contacts without undue delay and provide root-cause analysis within 5 business days.