Security at LiteSOC
We take security seriously. Your data is protected with enterprise-grade security measures at every layer of our platform.
How We Protect Your Data
Encryption at Rest
All data stored in our databases is encrypted using AES-256 encryption, the same standard used by banks and government agencies.
- 256-bit AES encryption for all stored data
- Encrypted database backups
- Secure key management with regular rotation
Encryption in Transit
All data transmitted between your systems and LiteSOC is protected with the latest encryption protocols.
- TLS 1.3 for all API communications
- HTTPS enforced across all endpoints
- Certificate pinning for mobile apps
Row Level Security (RLS)
Our database implements Row Level Security, which ensures at the database level that each organization can access only its own data.
- Database-enforced access controls
- Multi-tenant data isolation
- No cross-organization data leakage possible
Secure API Keys
API keys are hashed using SHA-256 before storage. We never store plaintext API keys in our database.
- SHA-256 hashed API keys
- One-way hashing (keys cannot be recovered)
- Easy key regeneration if compromised
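The hash-only storage pattern described above, as an added example that is not LiteSOC's own code. The `ApiKeyStore` class, the `demo_` key prefix and the organization IDs are assumptions made for illustration.

```python
import hashlib
import secrets


class ApiKeyStore:
    """Illustrative store that keeps only SHA-256 digests of API keys."""

    def __init__(self):
        self._digests = {}  # hex digest -> organization id (hypothetical schema)

    @staticmethod
    def _digest(key: str) -> str:
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, org_id: str) -> str:
        # Keys carry 32 bytes of CSPRNG output. That entropy is what makes a
        # fast, unsalted hash acceptable here, unlike for user passwords.
        key = "demo_" + secrets.token_urlsafe(32)
        self._digests[self._digest(key)] = org_id
        return key  # the plaintext is shown to the caller once and never stored

    def authenticate(self, presented: str):
        # Lookup is by digest of the presented key, so no plaintext key is
        # ever held server-side or compared directly.
        return self._digests.get(self._digest(presented))

    def regenerate(self, org_id: str) -> str:
        # Drop every digest owned by the organization, then issue a new key.
        # The old key stops authenticating immediately.
        self._digests = {d: o for d, o in self._digests.items() if o != org_id}
        return self.issue(org_id)

    def stored_values(self):
        # What a database dump would expose: digests only.
        return list(self._digests)


if __name__ == "__main__":
    store = ApiKeyStore()
    old = store.issue("org-a")  # constructed organization id
    print("authenticates:", store.authenticate(old))
    new = store.regenerate("org-a")
    print("old key after regeneration:", store.authenticate(old))
    print("new key:", store.authenticate(new))
    print("stored:", store.stored_values())
```

Because the digest is one-way, a lost key cannot be looked up again, which is why regeneration is the only recovery path.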
Authentication
Secure authentication powered by industry-leading identity providers with support for multiple authentication methods.
- OAuth 2.0 / OpenID Connect support
- Secure session management
- Password policies with strength requirements
Infrastructure Security
Our infrastructure is hosted on SOC 2 compliant cloud providers with enterprise-grade security measures.
- SOC 2 Type II compliant infrastructure
- Automatic security patches
- DDoS protection and mitigation
- Network isolation and firewalls
IP Address Data Handling
We collect and store IP addresses as part of our security monitoring service. Here's how we handle this sensitive data:
- Purpose: IP addresses are used for security detection features including brute force detection, geo-anomaly alerts, and threat analysis.
- Storage: IP addresses are stored encrypted at rest and protected by Row Level Security, ensuring only your organization can access them.
- Retention: IP data is retained according to your plan's retention period (7 days Free, 30 days Pro, custom for Enterprise).
- Access: Only authorized personnel with legitimate business needs can access IP data, and all access is logged.
Security Practices
Access Logging
All access to customer data is logged and monitored for security purposes.
Data Retention
Configurable data retention periods based on your plan and compliance requirements.
Incident Response
24/7 security monitoring with rapid incident response procedures.
Employee Security
Background checks and security training for all employees with data access.
Compliance & Certifications
GDPR Compliant
We comply with the EU General Data Protection Regulation
SOC 2 Infrastructure
Hosted on SOC 2 Type II certified infrastructure
Data Residency
Options for EU or US data storage
Data Processing Agreement
DPA available for enterprise customers
Responsible Disclosure
We appreciate the security research community and welcome responsible disclosure of any vulnerabilities you may find. If you discover a security issue, please report it to us.
Have Security Questions?
We're happy to answer any questions about our security practices or provide additional documentation for enterprise customers.