SECURITY
Enterprise-grade security,
baked in from day one.
Security isn't a feature we added. It's the foundation Core is built on.
🔒
SOC 2 Type II
Certified
💳
PCI DSS
Compliant
🛡
GDPR
Compliant
🔐
TLS 1.3
All traffic encrypted
💾
AES-256
Encryption at rest
Authentication & Access Control
- ✓Multi-factor authentication enforced on all accounts
- ✓SSO via Microsoft, Google, or custom IdP
- ✓Role-based access control (RBAC)
- ✓SCIM user provisioning (Enterprise)
- ✓Passwordless login options
Infrastructure Security
- ✓Hosted on SOC 2 certified cloud infrastructure
- ✓Network isolation with private VPC
- ✓DDoS protection at network layer
- ✓Automated vulnerability scanning
- ✓Annual third-party penetration testing
Data Protection
- ✓AES-256 encryption at rest
- ✓TLS 1.3 for all data in transit
- ✓Data residency options (Enterprise)
- ✓Automated daily backups
- ✓Data deletion within 30 days of request
🐛
Responsible Disclosure
Found a security vulnerability? We take all reports seriously and respond within 24 hours. We don't pursue legal action against good-faith security researchers.
security@galvafy.com →