arrow_backBack to Security

Trust Center 2hAIgh

A Trust Center with complete information on security, privacy, architecture, reference frameworks and operating documents for technical and compliance reviews.

Security summary

We operate with a defense-in-depth approach to protect business and operational data. We apply encryption, environment segmentation, reinforced authentication and continuous monitoring.

Coverage: data in transit and at rest
Access control: MFA and granular permissions
Perimeter: WAF and early detection
Evidence: available under NDA

Privacy and confidentiality policies

We bring together policies and terms to support legal and technical reviews.

Defines legal basis, processing purposes, retention and data-subject rights.
Documents the technical language cookie, the absence of advertising cookies and the criteria for cookieless analytics.
Sets access levels, sensitive-information handling and obligations for each party.
Describes retention periods, backup windows and secure deletion process.
Includes usage terms, shared responsibilities and formal support channels.

Architecture and encryption

The technical design prioritizes isolation, strong encryption and incident-response readiness.

Cryptographic controls

  • TLS 1.3 for traffic in transit
  • AES-256 for data at rest
  • Key rotation and custody

Infrastructure controls

  • Client-isolated containers
  • Development/testing/production segmentation
  • WAF, MFA and continuous monitoring

Reference frameworks

We use recognized frameworks to structure controls; formal certifications are in progress.

Reference

ISO 27001

Reference for security governance, risk management and continuous improvement.

Best practices

SOC 2

Application of security, availability and confidentiality principles. Status: in progress.

Cumplimiento

RGPD

Personal-data processing under principles of minimization and accountability.

Reference

CCPA

Privacy framework used as a reference for international clients.

Subprocessors

We do not operate with a closed vendor catalog: the stack is adapted per project based on economic and operational criteria and each client's context.

Infrastructure, deployment and networking
Transactional email and operational communications
Storage, databases and automation
Observability, support and alerts

When a project involves personal-data processing, the specific subprocessors are documented before processing in the applicable contract, DPA or annex, including purpose, safeguards and location or region where relevant.

FAQ

Data is stored encrypted, with least-privilege access controls and event traceability.
We activate response protocol, technical containment, communication with affected parties and a remediation plan.
Yes. Under NDA and according to service scope, we share control documentation and technical evidence.