Security at SoftCode

Last updated: February 24, 2026

Security is foundational to everything we build at SoftCode. We handle sensitive business data on behalf of our clients, and we treat that responsibility with the rigor it demands. Below is an overview of how we protect your data and systems.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API communications are authenticated with signed tokens and short-lived credentials.

Row Level Security

Our PostgreSQL databases enforce Row Level Security (RLS) policies at the database layer. Every query is scoped to the authenticated user, ensuring complete data isolation between clients — even in multi-tenant environments.

SOC 2-Compliant Infrastructure

Our services run on SOC 2 Type II compliant infrastructure provided by AWS and Vercel. This includes physical security, network isolation, access logging, and continuous monitoring across all production systems.

Access Controls

We enforce the principle of least privilege across our organization. Access to production systems is restricted to authorized personnel, requires multi-factor authentication, and is logged and audited regularly.

Secret Management

API keys, database credentials, and service tokens are stored in encrypted vaults with automatic rotation. Secrets are never hardcoded, committed to version control, or exposed in client-side code.

Network Security

Production environments are isolated within private networks with strict firewall rules. All external access passes through authenticated API gateways with rate limiting and DDoS protection.

Regular Audits

We conduct regular security assessments including dependency vulnerability scanning, penetration testing, and code reviews. Identified issues are triaged and remediated according to severity.

Incident Response

We maintain a documented incident response plan with defined escalation procedures. In the event of a security incident, affected clients are notified within 72 hours with a full impact assessment and remediation plan.

Data Processing Commitment

  • We do not train public AI models on client data. Your business data is used exclusively to deliver your contracted services.
  • Client data is logically isolated at the database level using Row Level Security. There is no shared access between client tenants.
  • All data processing is performed within secure, audited environments. No client data is transferred to unauthorized third parties.
  • Upon service termination, client data is purged within 90 days unless retention is required for legal compliance.

Responsible Disclosure

If you discover a security vulnerability in any SoftCode system, we encourage responsible disclosure. Please report findings to [email protected]. We commit to acknowledging reports within 48 hours and providing an initial assessment within 5 business days.

Questions

For security-related inquiries or to request our latest security documentation, please contact us at:

SoftCode Solutions FZC

Email: [email protected]