Trust Center

The company you trust to secure you, secures itself first.

We hold ourselves to the same standard we promise our customers. This page documents exactly how S-Security protects your data — our certifications, controls, subprocessors, and the commitments behind them.

Request compliance documents Report a vulnerability

Certifications & attestations

Independently audited, continuously verified

Our controls are tested by third-party auditors — not self-declared. Current attestations are available under NDA through your account team.

SOC 2 Type II ISO/IEC 27001:2022 ISO/IEC 27017 (Cloud) ISO/IEC 27018 (Privacy) GDPR CCPA / CPRA HIPAA aligned PCI DSS Level 1 NIST CSF 2.0

SOC 2 Type II

An annual SOC 2 Type II report covers all five Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy — across a continuous 12-month observation window.

ISO/IEC 27001

Our information security management system (ISMS) is certified to ISO/IEC 27001:2022, with risk treatment, internal audits, and management review running on a documented annual cadence.

GDPR & CCPA

We act as both data controller and processor under GDPR and the CCPA/CPRA. Standard Contractual Clauses and a Data Processing Addendum are available for every enterprise contract.

Data handling

Your data, governed end to end

We collect the minimum telemetry needed to defend you, store it in the region you choose, and delete it on a defined schedule. You always retain ownership of your data.

Data residency in the US, EU, UK, or APAC — selected at onboarding and never moved without authorization.
Tenant isolation enforced at the storage, compute, and identity layers.
Configurable retention with cryptographic erasure on contract termination.
Least-privilege access with mandatory MFA, just-in-time elevation, and full audit logging.

Encryption

Encrypted in transit and at rest

Strong cryptography is enforced everywhere — no exceptions, no legacy protocols.

TLS 1.2+ for all data in transit, with HSTS and modern cipher suites only.
AES-256 encryption for data at rest across every storage tier.
Keys managed in FIPS 140-2 validated HSMs with automated rotation.
Optional customer-managed keys (BYOK) for enterprise tenants.

Platform uptime SLA

Mean time to detect

Customer data breaches to date

Security monitoring

Live component health is published on our status page →

Subprocessors

Who we trust with your data

We use a short, vetted list of subprocessors. Each is bound by a data processing agreement and reviewed against our vendor risk standard. We post 30 days' notice before any change.

Subprocessor	Purpose	Data processed	Region
Amazon Web Services	Primary cloud infrastructure & storage	Telemetry, account data	US / EU / APAC
Microsoft Azure	Secondary compute & disaster recovery	Telemetry, backups	US / EU
Cloudflare	Edge security, DDoS protection, WAF	Network metadata	Global edge
Snowflake	Threat analytics data warehouse	Pseudonymized telemetry	US / EU
Twilio	Alert delivery (SMS, voice)	Contact details	US
Payment processor	Subscription billing & payments	Billing data	US / EU
Zendesk	Support ticketing	Support correspondence	US / EU

Responsible disclosure

Found a vulnerability in our platform? We welcome and reward good-faith research under a clear safe-harbor policy. Report to security@s-security.io.

Read our disclosure policy

Compliance documents

Need our SOC 2 report, ISO certificate, penetration test summary, DPA, or security questionnaire responses? Your account team can share them under NDA, usually within one business day.

Request documents

Due diligence made easy

Everything your security team needs to say yes

Get our complete trust package — certifications, controls mapping, and a live walkthrough with one of our security engineers.

Request a Demo Talk to Sales