1. Commitment to Data Protection
At Solcio, we understand that providing access to your SaaS stack and expenditure data requires absolute trust. We are committed to maintaining the highest industry standards of secure data handling, encryption, and operational integrity.
2. Data Encryption
Encryption in Transit: All data transmitted between your local devices, your third-party SaaS vendors, and Solcio's infrastructure is securely encrypted using TLS 1.3 encryption protocols.
Encryption at Rest: Customer data stored within our cloud environment—including APIs, analytics data, and generated reports—is encrypted at rest using industry-standard AES-256 encryption.
3. Cloud Infrastructure & Operations
Our infrastructure relies on leading cloud providers (e.g., Vercel, Google Cloud, AWS) that maintain rigorous physical and network security compliance measures (ISO 27001, SOC 2 Type II).
We do not operate our own physical servers. Access to our cloud environments is strictly restricted via specific IAM roles, enforced multi-factor authentication (MFA), and the principle of least privilege.
4. Compliance Status
- SOC 2 Compliance: We are aligning our internal policies and controls for formalized SOC 2 Type I certification.
- GDPR & CCPA readiness: Solcio provides robust data deletion and subject access request processes, guaranteeing compliance with European and Californian data protection laws.
5. Vulnerability Management
We continuously monitor our networks and applications for specific vulnerabilities using automated continuous integration checks. Regular codebase reviews and third-party dependency scanning ensure that vulnerabilities are patched promptly.
6. Report a Vulnerability
If you have discovered a potential security risk in Solcio's applications or domains, please contact our security team immediately:
Security Contact
Email: security@solcio.ai