Security

Security at SOCWarden

As a security product, we hold ourselves to the highest standards. Here's how we protect your data and our infrastructure.

Data Protection

Encryption in transit

TLS 1.3 for all API and dashboard connections

Encryption at rest

AES-256 for database and object storage

API key security

SHA-256 hashed. Keys shown once at creation, never stored in plaintext.

Data isolation

Row-level security (RLS) per organization. No cross-tenant data access.

Data retention

7–90 days depending on plan. Automatic partition archival to object storage before deletion.

Compliance

SOC 2 Type IIIn progress

GDPRCompliant

NIST CSF 2.0Mapped (6 functions)

PCI DSSNot applicable

Infrastructure

Hosting: Deployed on managed infrastructure with automated failover.

Database: Encrypted database with connection pooling and daily encrypted backups to isolated object storage.

Queue: In-memory queue system with append-only persistence for event and alert processing.

Monitoring: Application metrics on all services with queue depth, error rate, and latency tracking.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@socwarden.com. We acknowledge reports within 24 hours and aim to resolve critical issues within 72 hours.