SoftDocket

Legal

Security

ISO 27001-aligned controls, RBAC across 25+ roles, encryption in transit and at rest.

Encryption

All traffic is TLS 1.3. Data at rest is encrypted with AES-256. Backups encrypted with separate KMS keys.

Access control

Role-based access control across 25+ roles. SSO (SAML / OIDC) available on Enterprise. Production access is MFA-mandatory and audit-logged.

Monitoring & incident response

24×7 monitoring with on-call rotation. Critical incidents acknowledged within 15 minutes. Post-incident reports published per the SLA.

Reporting a vulnerability

Email [email protected]. PGP key available on request. We commit to a first response within 48 hours.

SOC 2 Type II report is in flight; ETA R2A. Penetration test results are shared under NDA on request.