01

Authentication

Enterprise sign-in is delivered through your existing identity provider. We support:

  • SAML 2.0 single sign-on (Microsoft Entra ID, Okta, Google Workspace, PingFederate)
  • OpenID Connect (OIDC) for modern IdPs
  • Multi-factor authentication enforced through your IdP
  • SCIM 2.0 for automated user provisioning and de-provisioning (in progress)
  • Local accounts disabled by default for SSO-bound tenants

Session lifetime, IP scoping, and step-up requirements are configurable per tenant.

02

Authorization

Access is governed by role-based access control with least-privilege defaults.

  • Predefined roles: Owner, Admin, Operator, Analyst, Viewer
  • Custom roles and per-site scoping for multi-project deployments
  • API access via short-lived, scoped bearer tokens (no long-lived secrets in clients)
  • Service-to-service authentication uses mTLS within the VPC
  • Sensitive operations require re-authentication and emit audit events
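The token and re-authentication behaviour listed above, as an added example that is not the platform's own code: an HMAC-signed bearer token with a 15-minute lifetime and an explicit scope, an authorization check that requires both the role and the token scope to permit an operation, and a step-up rule that refuses sensitive operations unless the caller authenticated interactively within the last five minutes, emitting an audit event when it does allow them. The role-to-permission map, the set of sensitive operations, the step-up window and the signing key are assumptions made for illustration.

```python
"""Short-lived, scoped bearer tokens with step-up for sensitive operations.

Added example, not the platform's own code. The token format, role map,
sensitive-operation set, step-up window and key are assumptions.
"""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"example-key-do-not-use-in-production"  # constructed for the example

# Hypothetical role -> permission map (least privilege: Viewer can only read).
ROLE_PERMISSIONS = {
    "Viewer": {"read"},
    "Analyst": {"read", "export"},
    "Operator": {"read", "export", "write"},
    "Admin": {"read", "export", "write", "manage_users"},
    "Owner": {"read", "export", "write", "manage_users", "billing"},
}

# Hypothetical operations that require a recent interactive authentication.
SENSITIVE_OPERATIONS = {"manage_users", "billing"}
STEP_UP_WINDOW = 300  # seconds since the last interactive auth (assumed)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject, role, scopes, ttl=900, auth_time=None, now=None):
    """Issue an HMAC-SHA256 signed token that expires after ttl seconds (15 min)."""
    now = time.time() if now is None else now
    claims = {
        "sub": subject,
        "role": role,
        "scope": sorted(scopes),
        "iat": now,
        "exp": now + ttl,
        "auth_time": now if auth_time is None else auth_time,
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    # Constant-time comparison; a length mismatch also fails.
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return None
    return claims


def authorize(token, operation, audit_log, now=None):
    """Return "allow", "deny" or "step_up_required" for `operation`.

    Sensitive operations that are allowed append an audit event to audit_log.
    """
    now = time.time() if now is None else now
    claims = verify_token(token, now)
    if claims is None:
        return "deny"
    # The role's permissions AND the token's scope must both include the operation.
    allowed = ROLE_PERMISSIONS.get(claims["role"], set()) & set(claims["scope"])
    if operation not in allowed:
        return "deny"
    if operation in SENSITIVE_OPERATIONS:
        if now - claims["auth_time"] > STEP_UP_WINDOW:
            return "step_up_required"
        audit_log.append({"ts": now, "sub": claims["sub"], "op": operation})
    return "allow"
```

Scoping a token to less than the role allows is what keeps a leaked API token from carrying the holder's full role; the step-up check keys off the time of the last interactive authentication rather than the token's issue time, so a token minted from a stale session cannot satisfy it.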

03

Encryption

In transit

  • TLS 1.3 preferred on all public endpoints; TLS 1.2 is the minimum accepted version
  • HSTS with preload, modern cipher suites, and certificate transparency monitoring

At rest

  • AES-256 encryption for object storage, block storage, and database backups
  • Per-tenant data isolation; key separation between control plane and tenant data
  • Customer-managed keys (BYOK) on enterprise plans (in progress)

04

Network

  • Production runs in private VPCs with subnet-level segmentation
  • No public database endpoints; databases reachable only through internal service mesh
  • WAF, rate limiting, and DDoS protection at the edge
  • IP allowlisting and SSO-bound private network access for admin consoles
  • Egress filtering on production workloads

05

Secure SDLC

  • Mandatory peer code review on every change to main branches
  • Static analysis (SAST) and dependency scanning on every pull request
  • Dependabot and automated patching for critical CVEs within 7 days
  • Container image scanning and signed builds
  • Branch protection, required CI checks, and signed commits for release branches
  • Separate development, staging, and production environments with distinct credentials

06

Monitoring & Logs

  • Centralized application, infrastructure, and audit logs with tamper-evident storage
  • SIEM-friendly log export (JSON, syslog) for enterprise customers (in progress)
  • Anomaly detection on authentication, privilege changes, and data export
  • Uptime and health monitoring with on-call rotation
  • Audit logs retained for a minimum of 12 months
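The kind of rules the anomaly-detection bullet refers to, as an added example that is not the platform's own detection logic: a small detector run over newline-delimited JSON audit events that flags a burst of failed logins for one actor, a successful login that follows such a burst, and a data export by a user who was granted a privileged role shortly before. The event schema, field names, thresholds and the sample events are all constructed for this example.

```python
"""Detection rules over audit events: auth bursts and privilege grant followed by export.

Added example, not the platform's detection code. Event schema, thresholds
and the sample events below are constructed for illustration.
"""
import json
from collections import defaultdict, deque

FAILED_LOGIN_THRESHOLD = 5      # failures per actor inside the window (assumed)
FAILED_LOGIN_WINDOW = 300       # seconds (assumed)
GRANT_EXPORT_WINDOW = 900       # seconds between a role grant and an export (assumed)

# Constructed sample, one JSON event per line; not real platform logs.
SAMPLE_EVENTS = [
    '{"ts": 1000, "type": "auth.login", "actor": "bob", "result": "failure", "ip": "203.0.113.5"}',
    '{"ts": 1010, "type": "auth.login", "actor": "bob", "result": "failure", "ip": "203.0.113.5"}',
    '{"ts": 1020, "type": "auth.login", "actor": "bob", "result": "failure", "ip": "203.0.113.5"}',
    '{"ts": 1030, "type": "auth.login", "actor": "bob", "result": "failure", "ip": "203.0.113.5"}',
    '{"ts": 1040, "type": "auth.login", "actor": "bob", "result": "failure", "ip": "203.0.113.5"}',
    '{"ts": 1050, "type": "auth.login", "actor": "bob", "result": "success", "ip": "203.0.113.5"}',
    '{"ts": 1100, "type": "role.grant", "actor": "admin1", "target": "bob", "role": "Admin"}',
    '{"ts": 1400, "type": "data.export", "actor": "bob", "bytes": 5000000}',
    '{"ts": 3000, "type": "data.export", "actor": "bob", "bytes": 1200}',
    '{"ts": 5000, "type": "data.export", "actor": "carol", "bytes": 1000}',
]


def parse_events(lines):
    """Parse NDJSON lines into dicts, ordered by timestamp."""
    events = [json.loads(line) for line in lines if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def _prune(window, now):
    """Drop timestamps older than the failed-login window."""
    while window and now - window[0] > FAILED_LOGIN_WINDOW:
        window.popleft()


def detect(events):
    """Run the three rules over time-ordered events and return a list of alerts."""
    alerts = []
    failures = defaultdict(deque)   # actor -> recent failed-login timestamps
    grants = {}                     # target user -> ts of the most recent role grant
    for e in events:
        t = e["ts"]
        if e["type"] == "auth.login":
            window = failures[e["actor"]]
            _prune(window, t)
            if e["result"] == "failure":
                window.append(t)
                if len(window) >= FAILED_LOGIN_THRESHOLD:
                    alerts.append({"rule": "auth.failure_burst", "actor": e["actor"],
                                   "ts": t, "count": len(window)})
            elif e["result"] == "success":
                # A success right after a burst looks like guessing that worked.
                if len(window) >= FAILED_LOGIN_THRESHOLD:
                    alerts.append({"rule": "auth.success_after_burst", "actor": e["actor"],
                                   "ts": t, "ip": e.get("ip")})
                window.clear()
        elif e["type"] == "role.grant":
            grants[e["target"]] = t
        elif e["type"] == "data.export":
            granted = grants.get(e["actor"])
            if granted is not None and t - granted <= GRANT_EXPORT_WINDOW:
                alerts.append({"rule": "privilege.grant_then_export", "actor": e["actor"],
                               "ts": t, "grant_ts": granted, "bytes": e.get("bytes")})
    return alerts


def run_sample():
    """Detect over the constructed sample events."""
    return detect(parse_events(SAMPLE_EVENTS))
```

Running the sample yields three alerts: the burst fires on the fifth failure, the success at 1050 fires because the burst is still inside the window, and bob's export at 1400 fires because it falls within 15 minutes of the Admin grant; the later export at 3000 and carol's export do not, which is the point of tying the export rule to a recent privilege change rather than to exports alone.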

07

Incident Response

We maintain a documented incident response runbook covering detection, containment, eradication, recovery, and post-incident review.

  • 24-hour customer notification commitment for confirmed personal data breaches
  • Severity classification (SEV-1 to SEV-4) with defined response and communication SLAs
  • Coordination with the Saudi Data and Artificial Intelligence Authority (SDAIA) and the National Cybersecurity Authority (NCA) where required
  • Post-incident review published to affected customers within 30 days

Report a security incident: security@fitechco.com — encrypted communication available on request.


08

Penetration Testing

  • Annual third-party penetration test of the platform and public-facing services
  • Targeted assessments after major architectural changes
  • Executive summary letter available to enterprise customers under NDA
  • Findings tracked to remediation with severity-based SLAs (Critical: 7 days; High: 30 days)

09

Bug Bounty & Responsible Disclosure

We welcome reports from security researchers. See our Vulnerability Disclosure Policy for scope, safe-harbor terms, and reporting process.

  • Initial response within 24 hours
  • Triage and remediation tracked publicly when possible
  • Public acknowledgement (with researcher consent)
  • Monetary rewards for qualifying findings (roadmap)