Security at ShieldGraph

Security is at the core of everything we build. We protect your data with enterprise-grade security controls, continuous monitoring, and industry-standard compliance frameworks.

Infrastructure Security

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Isolated tenant environments with strict network segmentation
  • Cloudflare DDoS protection and WAF on all endpoints
  • Automated infrastructure provisioning with immutable deployments
  • Regular vulnerability scanning of all infrastructure components

Application Security

  • Regular third-party penetration testing and security audits
  • Automated dependency scanning with continuous monitoring
  • OWASP Top 10 protection across all application layers
  • Static and dynamic application security testing (SAST/DAST)
  • Secure software development lifecycle (SDLC) practices

Data Protection

  • AES-256 encryption for all stored data
  • Strict data retention policies with automatic purging
  • GDPR-compliant data processing and storage
  • Data anonymization and pseudonymization where applicable
  • Regular data backup with encrypted off-site storage

Access Control

  • Role-Based Access Control (RBAC) with granular permissions
  • Multi-Factor Authentication (MFA) support
  • Secure session management with automatic timeouts
  • Comprehensive audit logs for all access and changes
  • Principle of least privilege enforced across all systems

Incident Response

  • 24/7 automated monitoring and alerting
  • Defined response SLAs: Critical < 1 hour, High < 4 hours
  • Transparent communication with affected customers
  • Post-incident reviews and published root cause analyses
  • Regular incident response drills and tabletop exercises

Compliance

  • SOC 2 Type II certification (in progress)
  • GDPR compliant — EU data processing standards
  • CCPA compliant — California consumer privacy rights
  • Regular third-party compliance audits
  • Documented security policies and procedures

Report a Vulnerability

We take security vulnerabilities seriously. If you believe you have found a security vulnerability in ShieldGraph, we encourage you to report it through our responsible disclosure program.

Responsible Disclosure Guidelines

  • Provide detailed reports with reproducible steps
  • Allow reasonable time for us to address the issue before public disclosure
  • Do not access or modify other users' data
  • Do not perform actions that could harm the service or its users