Trust Center

Security & Compliance at DocuAudit

We understand that trust is earned through transparency. This page outlines the security controls and compliance measures we have in place to protect your data.

Observable Security Controls

Multi-tenant Data Isolation

Customer data is strictly segregated at the database level. Each organization's data is isolated with robust access controls preventing cross-tenant access.

Role-Based Access Control (RBAC)

A granular permission system ensures users access only the resources they need. Administrators can configure roles and permissions per organization.

Comprehensive Audit Logging

Every significant action is logged with timestamps, user identity, and context. Audit logs are immutable and available for compliance review.

Encrypted Data Storage

All data is encrypted at rest using AES-256 encryption. Data in transit is protected with TLS 1.3. Encryption keys are managed securely.

Secure API Authentication

JWT-based authentication with secure token handling. API access requires valid credentials and follows the principle of least privilege.

Minimal Telemetry

No PII in error tracking or analytics. We collect only the minimum data necessary to maintain and improve the service.

Compliance Alignment

ISO 27001 Aligned

Our security controls are designed following ISO 27001 information security management principles.

SOC 2 Principles

We implement controls aligned with SOC 2 Trust Service Criteria for security, availability, and confidentiality.

GDPR-Ready

Data handling practices are designed with GDPR requirements in mind. Data subject rights are supported on request.

Compliance documentation and detailed control mapping are available on request for qualified enterprise customers.

Data Residency

Data is stored securely in US and EU data centers. Custom data residency options are available on request for enterprise customers with specific requirements.

Security Contact

For security inquiries, vulnerability reports, or to request compliance documentation:

security@docuaudit.io

A standard DPA is available on request for enterprise customers.