SoftDocket

Built for the audit you haven't been asked for yet.

Row-level tenant isolation, SSO, MFA, encrypted at rest and in transit, append-only audit log — by default, not by request.

Capabilities

Defence in depth, audit by default.

  • Row-level tenant isolation

    Every query is filtered by tenant at the database layer — no cross-tenant data leakage path.

  • SSO + MFA

    SAML 2.0, OIDC, Google Workspace, Microsoft Entra. TOTP MFA required for admin roles.

  • Encryption

    AES-256 at rest, TLS 1.3 in transit, BYO-KMS for enterprise tenants.

  • Audit log

    Append-only log of every mutation: actor, resource, before, after, IP, timestamp.

  • DPDP + GDPR aligned

    Data residency in India by default. DSR workflows. Consent ledger. Vendor sub-processors documented.

  • Pen-tested + scanned

    Annual third-party pen test. Continuous SAST/DAST. Dependency scanning on every commit.

Architecture

Trust boundary at every layer.

  1. Edge

    WAF, bot defence, rate limiting, TLS 1.3 termination.

    • WAF
    • Bot defence
    • Rate limit

  2. Identity

    SSO via SAML/OIDC; MFA for admin; just-in-time access for support engineers.

    • SAML/OIDC
    • MFA
    • JIT access

  3. App

    RBAC enforced at the resolver layer; every mutation creates an audit entry.

    • RBAC
    • Audit log
    • Idempotency

  4. Data

    Row-level isolation. Encryption at rest. Daily encrypted backups. PITR.

    • RLS
    • AES-256
    • PITR backups

Trust centre and current certifications: /en/legal/security

Why CISOs pick it

Pass the security questionnaire on the first pass.

  • Answers the long questionnaire

    Trust centre, DPA, sub-processor list, pen-test summary, SOC 2 status — all in one place.

    Avg 1-day infosec turnaround

  • Tenant isolation you can prove

    Row-level isolation enforced in the database, not just in code. Auditable, testable.

    Zero cross-tenant findings

  • Audit log on day one

    Append-only mutation log. Compliance gets answers in minutes, not weeks.

    100% mutation coverage

Talk to security

Get the DPA + trust pack.

We'll send the security questionnaire response, DPA, sub-processor list, and pen-test summary — usually within one business day.

Security & Compliance — SoftDocket Platform