SECURITY

Enterprise-grade security,
baked in from day one.

Security isn't a feature we added. It's the foundation Core is built on.

🔒
SOC 2 Type II
Certified
💳
PCI DSS
Compliant
🛡
GDPR
Compliant
🔐
TLS 1.3
All traffic encrypted
💾
AES-256
Encryption at rest

Authentication & Access Control

  • Multi-factor authentication enforced on all accounts
  • SSO via Microsoft, Google, or custom IdP
  • Role-based access control (RBAC)
  • SCIM user provisioning (Enterprise)
  • Passwordless login options

Infrastructure Security

  • Hosted on SOC 2 certified cloud infrastructure
  • Network isolation with private VPC
  • DDoS protection at network layer
  • Automated vulnerability scanning
  • Annual third-party penetration testing

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 for all data in transit
  • Data residency options (Enterprise)
  • Automated daily backups
  • Data deletion within 30 days of request
🐛

Responsible Disclosure

Found a security vulnerability? We take all reports seriously and respond within 24 hours. We don't pursue legal action against good-faith security researchers.

security@galvafy.com →