Security is a core engineering concern at Saturiq. This page summarizes the practices we follow to protect customer data and the platform.
1. Infrastructure
- Hosted on reputable cloud providers operating data centers certified to ISO 27001, SOC 2, and equivalent standards.
- Production environments are isolated from development and staging.
- All traffic between client and server is encrypted using TLS 1.2 or higher.
2. Data protection
- Sensitive data is encrypted in transit and at rest.
- Secrets are stored in dedicated secret managers, never in source control.
- Access to production data is limited to a small set of engineers, and that access is audited.
3. Authentication & access control
- Multi-factor authentication is enforced for all internal accounts.
- Least-privilege role-based access control is applied across systems.
- Administrative actions are logged and reviewed.
4. Application security
- Modern frameworks with built-in protections against common web vulnerabilities (OWASP Top 10).
- Dependency scanning and automated security updates.
- Regular code review and pre-deployment checks.
5. Monitoring & incident response
- Continuous monitoring of availability, errors, and anomalous activity.
- Defined incident-response procedures with timely notification of affected users where required by law.
6. Vendor management
We evaluate third-party providers for security and privacy posture before onboarding and review them periodically thereafter.
7. Responsible disclosure
If you believe you have found a security vulnerability in Saturiq, please report it privately to security@saturiq.com. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.
8. Contact
For security questions or audit requests, contact security@saturiq.com.