Security & Compliance
We take the security of your employee data seriously. Here’s how we protect it.
Infrastructure Security
π Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your sensitive information is never stored in plain text.
βοΈ Cloud Infrastructure
Hosted on enterprise-grade cloud infrastructure (Microsoft Azure) with SOC 2, ISO 27001, and HIPAA certifications.
π Backups
Automated daily backups with point-in-time recovery. Data is replicated across multiple geographic regions.
Application Security
π Authentication
Support for SSO (SAML, OAuth), multi-factor authentication (MFA), and enterprise identity providers.
π₯ Access Controls
Role-based access controls (RBAC) ensure users only see data they’re authorized to access.
π Audit Logs
Comprehensive audit trails track all data access and changes for compliance and investigation purposes.
Compliance
πͺπΊ GDPR
Fully compliant with the EU General Data Protection Regulation. Data processing agreements available.
β Compliant
πΊπΈ CCPA
Compliant with the California Consumer Privacy Act. We support data access and deletion requests.
β Compliant
π SOC 2 Type II
Third-party audited security controls for service organizations handling customer data.
π In Progress (Q2 2026)
Operational Security
- Penetration Testing: Annual third-party penetration tests
- Vulnerability Scanning: Continuous automated vulnerability scanning
- Incident Response: Documented incident response procedures with 24-hour notification SLA
- Employee Training: All employees complete security awareness training
- Background Checks: Background checks for employees with data access
- Secure Development: Security reviews integrated into our development lifecycle
Uptime & Reliability
99.9%
Uptime SLA
24/7
System Monitoring
<5 min
Incident Detection
Questions?
For security inquiries, compliance documentation, or to report a vulnerability:
- Security Team: security@crimsonmoose.com
- Vulnerability Disclosure: security@crimsonmoose.com (PGP key available on request)