Security at Softontrent

Last updated: January 2025

Our Security Commitment

At Softontrent, security is fundamental to everything we do. We understand that our clients trust us with their most sensitive business data and we take this responsibility seriously. Our comprehensive security program ensures your data remains protected at every level.

Infrastructure Security

Data Centers

24/7 physical security monitoring
Biometric access controls
Redundant power and cooling systems
Geographic distribution for disaster recovery
SOC 2 Type II and ISO 27001 certified facilities

Network Security

Enterprise-grade firewalls and intrusion detection systems
DDoS protection and mitigation
Network segmentation and isolation
Regular penetration testing and vulnerability assessments
Continuous monitoring and threat detection

Data Protection

Encryption

In Transit: TLS 1.3 encryption for all data transmissions
At Rest: AES-256 encryption for stored data
Key Management: Hardware security modules (HSM) for key storage
End-to-End: Optional end-to-end encryption for sensitive workflows

Data Isolation

Multi-tenant architecture with strict data isolation
Dedicated encryption keys per customer
Role-based access controls (RBAC)
API rate limiting and throttling

AI Security

Model Security

Adversarial testing to prevent model manipulation
Input validation and sanitization
Output filtering for sensitive information
Model versioning and rollback capabilities
Isolated processing environments

Privacy-Preserving AI

Differential privacy for aggregate analytics
Federated learning where applicable
Data minimization principles
Automatic PII detection and redaction

Access Control

Authentication

Multi-factor authentication (MFA) support
Single Sign-On (SSO) integration via SAML 2.0
Password complexity requirements
Account lockout policies
Session management and timeout controls

Authorization

Granular role-based permissions
Principle of least privilege
Regular access reviews and audits
API key management and rotation

Operational Security

Monitoring and Logging

24/7 security operations center (SOC)
Real-time threat detection and response
Comprehensive audit logging
Log retention and analysis
Security incident and event management (SIEM)

Incident Response

Dedicated incident response team
Defined escalation procedures
Customer notification within 72 hours
Post-incident analysis and improvement
Regular incident response drills

Compliance and Certifications

GDPR: Full compliance with EU data protection regulations
ISO 27001: Information security management certification
SOC 2 Type II: Annual third-party security audits
CCPA: California Consumer Privacy Act compliance
UK Data Protection Act: Full compliance with UK regulations

Employee Security

Background checks for all employees
Security awareness training
Confidentiality agreements
Clean desk policy
Secure development lifecycle (SDLC) training

Business Continuity

Backup and Recovery

Automated daily backups
Geographically distributed backup storage
Regular restoration testing
Point-in-time recovery capabilities
Recovery Time Objective (RTO): 4 hours
Recovery Point Objective (RPO): 1 hour

Disaster Recovery

Comprehensive disaster recovery plan
Multiple availability zones
Automatic failover capabilities
Regular DR testing and simulation

Vulnerability Management

Regular security assessments and audits
Automated vulnerability scanning
Responsible disclosure program
Patch management and updates
Third-party penetration testing

Data Deletion

Immediate removal from production systems
Backup deletion within 30 days
Secure data wiping procedures
Certificate of deletion available upon request

Reporting Security Issues

If you discover a security vulnerability, please report it to our security team immediately. We appreciate responsible disclosure and will work with you to address the issue promptly.

Have Questions?

Our security team is here to help. Contact us for more information about our security practices or to request our detailed security whitepaper.