Security & Compliance

We take security seriously. Here's how we protect your data.

Data Encryption

All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. We use industry-standard encryption protocols to ensure your information is secure.

Access Control

We implement role-based access control (RBAC) and the principle of least privilege. Users only have access to the data they need for their role. Admin access is restricted and logged.

Authentication

Passwords are hashed using bcrypt with salt
Optional two-factor authentication (2FA) available
Microsoft 365 OAuth integration for enterprise SSO
Session management with secure cookies

Compliance

GDPR: Compliant with EU data protection regulations
SOC 2 Type II: Regular third-party audits
ISO 27001: Information security management certified
CCPA: California Consumer Privacy Act compliant

Backups & Disaster Recovery

We maintain automated daily backups with redundancy across multiple geographic locations. Recovery time objective (RTO) is less than 4 hours. We test backups regularly to ensure data integrity.

Vulnerability Management

Regular security audits and penetration testing
Automated vulnerability scanning
Responsible disclosure program
Immediate patching of critical vulnerabilities

Monitoring & Logging

All access and changes are logged and monitored. We use automated alerting for suspicious activity. Logs are retained for 90 days and archived for compliance.

Third-Party Security

We carefully vet all third-party vendors and service providers. All integrations are reviewed for security. We maintain data processing agreements (DPAs) with all vendors.

Report a Vulnerability

If you discover a security vulnerability, please email security@815.media with details. We take all reports seriously and will respond within 24 hours.

Questions?

For security questions or to request our security documentation, contact support@815.media